External Control of Privileges via Format String Flaw in FortiAnalyzer
CVE-2024-45330
7.2HIGH
What is CVE-2024-45330?
A vulnerability exists in Fortinet's FortiAnalyzer software, specifically in versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5. This flaw stems from the use of an externally-controlled format string that allows an attacker to escalate privileges through specially crafted requests. Implementing security measures and updates is crucial for users of these affected versions to mitigate potential exploitation.
Affected Version(s)
FortiAnalyzer 7.4.0 <= 7.4.3
FortiAnalyzer 7.2.2 <= 7.2.5