CVE-2024-47573

MEDIUM
Published Mar 14, 2025 Modified Jul 24, 2025 CWE-354

Description

An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.

CVSS v3.1 Score

6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Weakness Type (CWE)

CWE-354 CWE-354

Affected Products

Vendor Product
fortinet fortindr
fortinet fortindr

References

Frequently Asked Questions

What is CVE-2024-47573? +
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image. It has a CVSS v3.1 base score of 6.5 (MEDIUM).
How severe is CVE-2024-47573? +
CVE-2024-47573 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-47573? +
CVE-2024-47573 affects products from fortinet, specifically: fortindr. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-47573? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the …
CVE-2024-48930

secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` …
CVE-2025-4616

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user …
CVE-2025-11543 9.8

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized …
CVE-2024-25678 9.8

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
CVE-2025-54887 9.1

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-47573 — free, no signup required.

Start Free Scan