Improper Privilege Management in Fortinet FortiManager and FortiAnalyzer
CVE-2024-33503

7.8HIGH

Key Information:

Vendor
Fortinet
Status
FortiManager and FortiAnalyzer
Vendor
CVE Published:
14 January 2025

Summary

The vulnerability in Fortinet's FortiManager and FortiAnalyzer is due to improper privilege management across multiple versions. This flaw allows attackers to escalate their privileges by executing specific shell commands. Such an escalation could lead to unauthorized access and control over the system, potentially compromising sensitive data and operational integrity. It is crucial for users of affected products to implement recommended security measures promptly to mitigate potential risks.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-127

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.