What is CVE-2024-52965?

A high-severity authentication vulnerability exists in FortiOS and FortiProxy, allowing unauthorized access even with an invalid certificate. Immediate action is required to mitigate risks associated with this flaw.

What is the severity of CVE-2024-52965?

CVE-2024-52965 has a severity rating of HIGH with a CVSS base score of 7.2.

CVE-2024-52965 | High Vulnerability in Fortinet FortiOS and FortiProxy

CVE-2024-52965 is a high-severity vulnerability affecting Fortinet's FortiOS and FortiProxy. The flaw arises from a missing critical step in authentication, which allows an API-user to log in using an API key and a PKI user certificate, even if the certificate is invalid. This vulnerability impacts FortiOS versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and prior to 7.0.16, as well as FortiProxy versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13, and prior to 7.0.20.

The CVSS score for this vulnerability is 7.2, indicating a high severity level. The vulnerability is particularly concerning due to its potential impact on confidentiality, integrity, and availability. Organizations using affected versions of FortiOS and FortiProxy should prioritize remediation efforts to mitigate risks associated with this vulnerability.

Risk to organizations includes unauthorized access to sensitive data and systems, which can lead to significant operational disruptions and potential data breaches. Organizations should prioritize patching immediately.

As of now, there are no known exploits or public proof-of-concept (PoC) available for this vulnerability, but it is crucial for security teams to remain vigilant and monitor for any developments regarding exploitability.

Immediate action is required from organizations to address this vulnerability, as it poses a significant risk to their systems.

Vulnerability Details

This vulnerability allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid. The affected products include Fortinet FortiOS and FortiProxy, specifically versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.5, 7.2.0 to 7.2.10, and prior to 7.0.16 for FortiOS, and 7.6.0 to 7.6.1, 7.4.0 to 7.4.8, 7.2.0 to 7.2.13, and prior to 7.0.20 for FortiProxy.

The vulnerability's CWE classification is CWE-304, indicating a missing critical step in authentication. The attack vector is classified as NETWORK, with low attack complexity, high privileges required, and no user interaction needed.

The impact on confidentiality, integrity, and availability is rated as high, which further underscores the necessity for immediate remediation.

Technical Analysis

The root cause of CVE-2024-52965 lies in the authentication mechanism of FortiOS and FortiProxy. Specifically, the failure to properly validate the PKI certificate allows unauthorized access, which can be exploited by an attacker who possesses a valid API key but an invalid certificate. This flaw is particularly dangerous as it can be exploited remotely over the network.

Attackers may leverage this vulnerability to gain unauthorized access to sensitive components of the affected systems. The attack complexity is low, meaning that an attacker does not require advanced skills to exploit this vulnerability. The required privileges are high, indicating that an attacker must possess the appropriate API key, but user interaction is not necessary, making exploitation more feasible.

The confidentiality impact is high as an attacker could gain access to sensitive data. Similarly, the integrity and availability impacts are also high, as unauthorized access could lead to data manipulation or denial of service.

Risk & Impact Analysis

The real-world risk posed by CVE-2024-52965 is significant. Organizations using affected versions of FortiOS and FortiProxy may face unauthorized access to their networks, which could result in data breaches and operational disruptions. The potential blast radius of this vulnerability is extensive, as it affects multiple versions of critical infrastructure components.

Given the high CVSS score of 7.2, organizations should address this vulnerability in their priority patch cycle. The lack of known exploits does not reduce the urgency; organizations must prioritize patching immediately to mitigate the risk of future exploitation.

In summary, the vulnerability poses a serious threat to organizations that utilize Fortinet's FortiOS and FortiProxy. Security teams must act swiftly to ensure their systems are updated and secure.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include FortiOS versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and prior to 7.0.16, as well as FortiProxy versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13, and prior to 7.0.20.

Mitigation & Remediation

Organizations should prioritize patching immediately. The vendor has released patches for the affected versions, which can be found in their advisory. It is essential to ensure that systems are updated to the latest versions to mitigate this vulnerability effectively.

In addition to applying patches, organizations should implement configuration hardening practices to strengthen security. Regular monitoring and review of access logs will help identify any unauthorized access attempts.

For more information on best practices for penetration testing and vulnerability assessment, organizations can refer to the vulnerability management program designed to help mitigate similar vulnerabilities.

Detection Guidance

Organizations should monitor for log indicators that may signify attempts to exploit this vulnerability. Behavioral anomalies, such as unusual login attempts or access from unauthorized IP addresses, should be tracked. Additionally, network signatures that correlate with known attack patterns can help in early detection.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-52965 highlights the ongoing challenges in securing authentication mechanisms in networked devices. Security teams must learn from this vulnerability to enhance their defenses against unauthorized access. Regular security assessments and proactive measures can help protect against similar vulnerabilities in the future.

For further insights into security best practices, organizations can explore the penetration testing methodology and the importance of maintaining an effective security posture.

Security teams should also consider the insights provided in the vulnerability management program to establish a robust security framework.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-52965: High Vulnerability in Fortinet FortiOS and FortiProxy