Rapid7

vulnerability

Fortinet FortiManager: CVE-2024-35277: Missing authentication for managed device configuration files

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 14, 2025
Added
Feb 2, 2025
Modified
May 25, 2026

Description

A missing authentication for critical function vulnerability [CWE-306] in FortiManager and FortiPortal may allow a remote unauthenticated attacker to extract the configuration of all managed devices

Solution

fortinet-fortimanager-upgrade-latest
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.