CVE-2024-35277: 
Fortinet FortiManager vulnerability analysis and mitigation

A missing authentication for critical function vulnerability (CWE-306) affects Fortinet FortiPortal version 6.0.0 through 6.0.15 and FortiManager versions ranging from 6.4.0 through 7.4.2. The vulnerability allows an unauthenticated remote attacker to access the configuration of managed devices by sending specifically crafted packets (Fortinet Advisory, NVD).

The vulnerability is classified with a CVSS v3.1 base score of 8.6 (High) according to Fortinet's assessment, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. The issue specifically relates to missing authentication controls for critical functions, allowing unauthorized access to managed device configurations. The vulnerability affects multiple versions of FortiManager and FortiManager Cloud, including versions 6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, and 7.4.0-7.4.2 (Fortinet Advisory).

The vulnerability allows attackers to extract the configuration of all managed devices, potentially exposing sensitive information including LDAP credentials, admin credentials, and user credentials. This exposure is particularly critical if the private-data-encryption setting is not enabled on the managed FortiGate devices, as it could allow attackers to recover credentials from stored configuration revisions (Fortinet Advisory).

Fortinet has released patches for affected versions and recommends upgrading to the following versions: FortiManager 6.4.15 or above, 7.0.13 or above, 7.2.6 or above, or 7.4.3 or above. For FortiManager Cloud, upgrade to versions 7.0.13, 7.2.7, or 7.4.3 or above. Additionally, it is recommended to enable private-data-encryption and limit admin interface access using the trusthost feature to specific IP addresses (Fortinet Advisory).