What is CVE-2024-35277?

CVE-2024-35277 is a high-severity vulnerability in Fortinet Fortimanager, classified under Missing Authentication for Critical Function. CVSS score: 8.4/10. Published 2025-01-14.

How severe is CVE-2024-35277?

High severity. CVSS v3 base score is 8.4 out of 10.

Auth bypass in Fortinet Fortimanager

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the…

Vulnerability class: Broken Authentication

EPSS: 0.002 (41.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C.

Affected products

Fortinet Fortimanager — versions 7.4.0, 7.2.0, 7.0.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-135

Frequently asked questions

What is CVE-2024-35277?: CVE-2024-35277 is a high-severity vulnerability in Fortinet Fortimanager, classified under Missing Authentication for Critical Function. CVSS score: 8.4/10. Published 2025-01-14.
How severe is CVE-2024-35277?: High severity. CVSS v3 base score is 8.4 out of 10.