216.73.217.64

CVE-2024-45331

· Published 16/01/2025 09:15 · Modified 03/02/2025 21:03

Labels: CVE-2024-45331 2025-01-16CVE-2024-45331CWE-266NVD-CWE-noinfo[email protected]

Essential information

Published
16/01/2025 09:15
Modified
03/02/2025 21:03
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinet / fortianalyzer cloud cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
fortinet / fortianalyzer cloud cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
fortinet / fortimanager cloud cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
fortinet / fortimanager cloud cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*

References