{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiManager ausnutzen, um Daten zu manipulieren, Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, und Code auszuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Sonstiges",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2025-0087 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0087.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2025-0087 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0087"
    }, {
      "category" : "external",
      "summary" : "FortiGuard PSIRT Advisory FG-IR-24-097 vom 2025-01-14",
      "url" : "https://www.fortiguard.com/psirt/FG-IR-24-097"
    }, {
      "category" : "external",
      "summary" : "FortiGuard PSIRT Advisory FG-IR-24-135 vom 2025-01-14",
      "url" : "https://www.fortiguard.com/psirt/FG-IR-24-135"
    }, {
      "category" : "external",
      "summary" : "FortiGuard PSIRT Advisory FG-IR-24-222 vom 2025-01-14",
      "url" : "https://www.fortiguard.com/psirt/FG-IR-24-222"
    }, {
      "category" : "external",
      "summary" : "FortiGuard PSIRT Advisory FG-IR-24-239 vom 2025-01-14",
      "url" : "https://www.fortiguard.com/psirt/FG-IR-24-239"
    }, {
      "category" : "external",
      "summary" : "FortiGuard PSIRT Advisory FG-IR-24-463 vom 2025-01-14",
      "url" : "https://www.fortiguard.com/psirt/FG-IR-24-463"
    } ],
    "source_lang" : "en-US",
    "title" : "Fortinet FortiManager: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2025-01-14T23:00:00.000+00:00",
      "generator" : {
        "date" : "2025-01-15T11:43:20.368+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.10"
        }
      },
      "id" : "WID-SEC-W-2025-0087",
      "initial_release_date" : "2025-01-14T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2025-01-14T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<6.4.15",
          "product" : {
            "name" : "Fortinet FortiManager <6.4.15",
            "product_id" : "1674908"
          }
        }, {
          "category" : "product_version",
          "name" : "6.4.15",
          "product" : {
            "name" : "Fortinet FortiManager 6.4.15",
            "product_id" : "1674908-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:6.4.15"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.0.13",
          "product" : {
            "name" : "Fortinet FortiManager <7.0.13",
            "product_id" : "1674909"
          }
        }, {
          "category" : "product_version",
          "name" : "7.0.13",
          "product" : {
            "name" : "Fortinet FortiManager 7.0.13",
            "product_id" : "1674909-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.0.13"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.2.8",
          "product" : {
            "name" : "Fortinet FortiManager <7.2.8",
            "product_id" : "1674910"
          }
        }, {
          "category" : "product_version",
          "name" : "7.2.8",
          "product" : {
            "name" : "Fortinet FortiManager 7.2.8",
            "product_id" : "1674910-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.2.8"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.4.5",
          "product" : {
            "name" : "Fortinet FortiManager <7.4.5",
            "product_id" : "1675287"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4.5",
          "product" : {
            "name" : "Fortinet FortiManager 7.4.5",
            "product_id" : "1675287-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.4.5"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.4.3",
          "product" : {
            "name" : "Fortinet FortiManager <7.4.3",
            "product_id" : "1697231"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4.3",
          "product" : {
            "name" : "Fortinet FortiManager 7.4.3",
            "product_id" : "1697231-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.4.3"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.4.4",
          "product" : {
            "name" : "Fortinet FortiManager <7.4.4",
            "product_id" : "1697232"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4.4",
          "product" : {
            "name" : "Fortinet FortiManager 7.4.4",
            "product_id" : "1697232-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.4.4"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.2.6",
          "product" : {
            "name" : "Fortinet FortiManager <7.2.6",
            "product_id" : "T039043"
          }
        }, {
          "category" : "product_version",
          "name" : "7.2.6",
          "product" : {
            "name" : "Fortinet FortiManager 7.2.6",
            "product_id" : "T039043-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.2.6"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.6.2",
          "product" : {
            "name" : "Fortinet FortiManager <7.6.2",
            "product_id" : "T040172"
          }
        }, {
          "category" : "product_version",
          "name" : "7.6.2",
          "product" : {
            "name" : "Fortinet FortiManager 7.6.2",
            "product_id" : "T040172-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.6.2"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.4.6",
          "product" : {
            "name" : "Fortinet FortiManager <7.4.6",
            "product_id" : "T040173"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4.6",
          "product" : {
            "name" : "Fortinet FortiManager 7.4.6",
            "product_id" : "T040173-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.4.6"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.2.9",
          "product" : {
            "name" : "Fortinet FortiManager <7.2.9",
            "product_id" : "T040174"
          }
        }, {
          "category" : "product_version",
          "name" : "7.2.9",
          "product" : {
            "name" : "Fortinet FortiManager 7.2.9",
            "product_id" : "T040174-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.2.9"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<6.4.13",
          "product" : {
            "name" : "Fortinet FortiManager <6.4.13",
            "product_id" : "T040346"
          }
        }, {
          "category" : "product_version",
          "name" : "6.4.13",
          "product" : {
            "name" : "Fortinet FortiManager 6.4.13",
            "product_id" : "T040346-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:6.4.13"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.4.1",
          "product" : {
            "name" : "Fortinet FortiManager <7.4.1",
            "product_id" : "T040347"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4.1",
          "product" : {
            "name" : "Fortinet FortiManager 7.4.1",
            "product_id" : "T040347-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.4.1"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.2.4",
          "product" : {
            "name" : "Fortinet FortiManager <7.2.4",
            "product_id" : "T040348"
          }
        }, {
          "category" : "product_version",
          "name" : "7.2.4",
          "product" : {
            "name" : "Fortinet FortiManager 7.2.4",
            "product_id" : "T040348-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.2.4"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<7.0.9",
          "product" : {
            "name" : "Fortinet FortiManager <7.0.9",
            "product_id" : "T040350"
          }
        }, {
          "category" : "product_version",
          "name" : "7.0.9",
          "product" : {
            "name" : "Fortinet FortiManager 7.0.9",
            "product_id" : "T040350-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:fortinet:fortimanager:7.0.9"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "FortiManager"
      } ],
      "category" : "vendor",
      "name" : "Fortinet"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2024-32115",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Fortinet FortiManager. Hierbei handelt es sich um ein Path Traversal Problem in der Administrationsschnittstelle. Ein entfernter, authentisierter Angreifer mit erhöhten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem zugrunde liegenden Dateisystem über manipulierte HTTP- oder HTTPS-Anfragen zu löschen."
    } ],
    "product_status" : {
      "known_affected" : [ "T039043", "T040350", "1674909", "T040348", "T040347", "1697231" ]
    },
    "release_date" : "2025-01-14T23:00:00.000+00:00",
    "title" : "CVE-2024-32115"
  }, {
    "cve" : "CVE-2024-35277",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Fortinet FortiManager. Diese besteht aufgrund einer fehlenden Authentifizierung für kritische Funktionen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Konfiguration aller verwalteten Geräte zu extrahieren."
    } ],
    "product_status" : {
      "known_affected" : [ "T039043", "T040350", "1674909", "T040348", "T040347", "1674908", "1697231", "T040346" ]
    },
    "release_date" : "2025-01-14T23:00:00.000+00:00",
    "title" : "CVE-2024-35277"
  }, {
    "cve" : "CVE-2024-46662",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Fortinet FortiManager. Ursache ist eine unsachgemäße Neutralisierung spezieller Elemente die im csfd-Daemon verwendet werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um nicht autorisierte Befehle über speziell gestaltete Pakete auszuführen."
    } ],
    "product_status" : {
      "known_affected" : [ "1697231", "T040347", "1697232" ]
    },
    "release_date" : "2025-01-14T23:00:00.000+00:00",
    "title" : "CVE-2024-46662"
  }, {
    "cve" : "CVE-2024-47571",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Fortinet FortiManager. Fortigate-Administratorkonten werden nicht sachgemäß gelöscht. Ein Angreifer kann diese Schwachstelle ausnutzen, um sich weiterhin mit den alten Anmeldedaten bei FortiGate anzumelden."
    } ],
    "product_status" : {
      "known_affected" : [ "T040350", "T040348", "T040347", "T040346" ]
    },
    "release_date" : "2025-01-14T23:00:00.000+00:00",
    "title" : "CVE-2024-47571"
  }, {
    "cve" : "CVE-2024-50566",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Fortinet FortiManager. Die Ursache ist eine unsachgemäße Neutralisierung spezieller Elemente für OS-Befehle. Ein entfernter, authentisierter Angreifer mit erhöhten Rechten kann diese Schwachstelle ausnutzen, um nicht autorisierten Code über von FGFM erstellte Anfragen auszuführen."
    } ],
    "product_status" : {
      "known_affected" : [ "T039043", "1674910", "T040174", "T040173", "T040172", "1675287", "T040348", "1674908", "1697231", "T040347", "1697232" ]
    },
    "release_date" : "2025-01-14T23:00:00.000+00:00",
    "title" : "CVE-2024-50566"
  } ]
}