What is the severity of CVE-2024-47571?

CVE-2024-47571 is classified as a medium-severity vulnerability that allows improper access to FortiGate via valid credentials.

How do I fix CVE-2024-47571?

To fix CVE-2024-47571, upgrade FortiManager to version 7.4.1 or later, 7.2.4 or later, 6.4.13 or later, or ensure you are on version 7.0.9 in the defined safe range.

Which versions of FortiManager are affected by CVE-2024-47571?

Affected versions of FortiManager range from 6.4.12 through 7.4.0.

What type of vulnerability is CVE-2024-47571?

CVE-2024-47571 is an operation on a resource after expiration or release vulnerability, categorized under CWE-672.

Can exploiting CVE-2024-47571 allow unauthorized access?

Yes, exploiting CVE-2024-47571 can grant an attacker improper access to FortiGate resources using valid credentials.

Vulnerability/
CVE-2024-47571

critical

9.8

CWE

672

14/1/2025

19/3/2025

CVE-2024-47571: Admin Account Persistence after Deletion

First published: Tue Jan 14 2025(Updated: )

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiManager	=.
Fortinet FortiManager	=.
Fortinet FortiManager	>=7.0.7<=7.0.8
Fortinet FortiManager	=.
Fortinet FortiManager	>=7.0.7<7.0.9
Fortinet FortiManager	=6.4.12
Fortinet FortiManager	=7.2.3
Fortinet FortiManager	=7.4.0

Remedy

Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47571?
CVE-2024-47571 is classified as a medium-severity vulnerability that allows improper access to FortiGate via valid credentials.
How do I fix CVE-2024-47571?
To fix CVE-2024-47571, upgrade FortiManager to version 7.4.1 or later, 7.2.4 or later, 6.4.13 or later, or ensure you are on version 7.0.9 in the defined safe range.
Which versions of FortiManager are affected by CVE-2024-47571?
Affected versions of FortiManager range from 6.4.12 through 7.4.0.
What type of vulnerability is CVE-2024-47571?
CVE-2024-47571 is an operation on a resource after expiration or release vulnerability, categorized under CWE-672.
Can exploiting CVE-2024-47571 allow unauthorized access?
Yes, exploiting CVE-2024-47571 can grant an attacker improper access to FortiGate resources using valid credentials.

agent/remedy
agent/weakness
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-47571
agent/first-publish-date
agent/title
agent/references
agent/softwarecombine
agent/description
agent/severity
agent/author
agent/event
agent/source
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/fortinet
canonical/fortinet fortimanager
version/fortinet fortimanager/.
version/fortinet fortimanager/7.0.7
version/fortinet fortimanager/7.0.8
version/fortinet fortimanager/6.4.12
version/fortinet fortimanager/7.2.3
version/fortinet fortimanager/7.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.