CVE-2024-50568
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-07-25
Assigner: Fortinet, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-300 | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Fortinet FortiOS and FortiProxy allows an unauthenticated attacker who knows specific device data to spoof the identity of a downstream device in the security fabric by sending specially crafted TCP requests. It affects certain versions of FortiOS and FortiProxy and involves a channel accessible by non-endpoint, categorized under CWE-300.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to impersonate a downstream device within the security fabric, potentially leading to unauthorized actions or interference with network security operations. This could impact the integrity of the security infrastructure by allowing spoofed devices to bypass certain controls or cause disruptions.