External Control of Privileges via Format String Flaw in FortiAnalyzer
CVE-2024-45330

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortianalyzer
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-45330?

A vulnerability exists in Fortinet's FortiAnalyzer software, specifically in versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5. This flaw stems from the use of an externally-controlled format string that allows an attacker to escalate privileges through specially crafted requests. Implementing security measures and updates is crucial for users of these affected versions to mitigate potential exploitation.

Affected Version(s)

FortiAnalyzer 7.4.0 <= 7.4.3

FortiAnalyzer 7.2.2 <= 7.2.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-196

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 27, 2024