CVE-2024-47575

ENISA EUVD: EUVD-2024-42531 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 6 articles Published: 2024-10-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.87%

probability

This CVE has a 93.87% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

High

Remediation Level

Unavailable

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

Description

VulnerabilityLookup (CNA)

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Affected Products

Fortinet

FortiManager

7.6.0 7.4.0 7.2.0 7.0.0 6.4.0 6.2.0

fortinet

fortimanager

fortinet

fortimanager cloud

Fortinet

FortiManager

6.4.0 ≤6.4.14

Fortinet

FortiManager

7.6.0

Fortinet

FortiManager

7.4.0 ≤7.4.4

Fortinet

FortiManager

7.0.0 ≤7.0.12

Fortinet

FortiManager

6.2.0 ≤6.2.12

Fortinet

FortiManager

7.2.0 ≤7.2.7

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-306 · Missing Authentication

Exploits & PoC

watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575

98 2024-11-14

revanslbw/CVE-2024-47575-POC

CVE POC Exploit

0 2025-01-05

AnnnNix/CVE-2024-47575

PoC for CVE-2024-47575

0 2025-07-19

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Signal Intelligence

Confidenceⓘ

92%

EPSS 93.87%

CVSS v3.1 9.8

Mentions 6

Last Seen Jan 14, 2025

CNA Information

CNA Assigner

fortinet

Analyst Note

Multiple authoritative sources explicitly describe CVE-2024-47575 as a zero-day exploitation in the wild. BleepingComputer titles confirm 'zero-day attacks' and 'zero-day exploited,' and Mandiant reporting indicates active exploitation since June 2024, preceding the October 23, 2024 public disclosure. CERT-EU also labels it a 'Critical 0-day Vulnerability,' corroborating the zero-day status.