CVE-2024-21757

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-620
View all →

Vulnerability Description

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.

Related Vulnerabilities

CVE-2023-3069

HIGH
CVSS:7.6(High)

Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.

CWE-6202023

CVE-2022-21935

HIGH
CVSS:7.5(High)

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

CWE-6202022

CVE-2024-13373

HIGH
CVSS:8.1(High)

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a u...

CWE-6202024

CVE-2025-4903

MEDIUM
CVSS:7.5(High)

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&ht...

CWE-6202025

CVE-2024-27715

HIGH
CVSS:8.2(High)

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.

CWE-6202024

CVE-2021-34785

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CWE-6202021