{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T06:35:20.985","vulnerabilities":[{"cve":{"id":"CVE-2024-52965","sourceIdentifier":"psirt@fortinet.com","published":"2025-07-08T15:15:22.313","lastModified":"2025-07-22T17:25:57.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid."},{"lang":"es","value":"Una vulnerabilidad de paso crítico faltante en la autenticación [CWE-304] en Fortinet FortiOS versión 7.6.0 a 7.6.1, 7.4.0 a 7.4.5, 7.2.0 a 7.2.10 y anteriores a 7.0.16 y FortiProxy versión 7.6.0 a 7.6.1, 7.4.0 a 7.4.8, 7.2.0 a 7.2.13 y anteriores a 7.0.20 permite que un usuario de API que utiliza autenticación de certificado de usuario PKI + clave de API inicie sesión incluso si el certificado no es válido."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-304"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.21","matchCriteriaId":"46624230-8C2A-4654-A576-7A7F43233EE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.14","matchCriteriaId":"16425D98-80A6-4CD4-8DBF-44C5D9E727A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.9","matchCriteriaId":"89DCD726-F323-49B8-9408-E3EF0591A480"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"C6E32BEB-8804-452C-A054-DD9FFCC8B796"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.0.17","matchCriteriaId":"C37D7999-642E-4119-8C0D-4B12ACB9E6FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.11","matchCriteriaId":"4386465B-EFF9-41BA-B393-82135A2591DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"199954FD-1280-46F8-8515-7591CE75A1E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"44CE8EE3-D64A-49C8-87D7-C18B302F864A"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","matchCriteriaId":"FE8BFEA3-2949-4D91-B0D1-AB384851EC5C"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-511","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}