Improper Validation in FortiNDR Affects Firmware Integrity
CVE-2024-47573

6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortindr
Vendor: CVE Published:; 14 March 2025

Summary

A vulnerability exists in FortiNDR versions 7.4.2 and below that stems from improper validation of the integrity check value. This flaw could allow an authenticated attacker, possessing Read/Write access on system maintenance, to install a compromised firmware image. Such an action could lead to unauthorized changes and potential exploitation of the affected systems. Users of affected FortiNDR versions should prioritize updating to secure versions to mitigate the risk.

Affected Version(s)

FortiNDR 7.4.0 <= 7.4.2

FortiNDR 7.2.0 <= 7.2.1

FortiNDR 7.1.0 <= 7.1.1

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-461

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Sep 27, 2024