A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets
CVE ID: CVE-2024-35277
CVSS Base Severity: HIGH
CVSS Base Score: 8.4
Vendor: Fortinet
Product: FortiManager
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 39.18% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)