CVE-2024-52965 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, an…
High CVSS: 7.2

CVE-2024-52965

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.
Vendor
Fortinet
Product
Fortiproxy
CWE
CWE-304
Yayın Tarihi
2025-07-08 15:15:22
Güncelleme
2025-07-22 17:25:57
Source Identifier
psirt@fortinet.com
KEV Date Added
-

Kategoriler

CWE-304 Fortiproxy HIGH Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-24-511