Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager
CVE-2024-45331
6.9 MEDIUM
Summary
Fortinet FortiAnalyzer and FortiManager are affected by an incorrect privilege assignment vulnerability that allows an attacker to escalate privileges through specific shell commands. This could enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. The issue exists across multiple versions of both FortiAnalyzer and FortiManager, so users should apply updates and patches promptly.
Affected Version(s)
FortiAnalyzer 7.4.0 <= 7.4.3
FortiAnalyzer 7.2.0 <= 7.2.5
FortiAnalyzer 7.0.0 <= 7.0.13
CVSS V3.1
Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved