Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager
CVE-2024-45331

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortianalyzer; Fortimanager
Vendor: CVE Published:; 16 January 2025

What is CVE-2024-45331?

Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.

Affected Version(s)

FortiAnalyzer 7.4.0 <= 7.4.3

FortiAnalyzer 7.2.0 <= 7.2.5

FortiAnalyzer 7.0.0 <= 7.0.13

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-127

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Aug 27, 2024