CVE-2024-50568

MEDIUM

5.9CVSS v3

—CVSS v2

0.05% EPSS (exploit probability)

CWE-300CWE

Description

A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests.

CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE