CVE-2024-45331

CVE Database · CVE-2024-45331

CVE-2024-45331

· HIGHAnalyzed

CVSS v3.1

7.3

EPSS

0.20%

Published

Jan 16, 2025

Modified

Feb 3, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-266

Affected Products (8)

fortinet · fortianalyzer (up to 7.2.6)vulnerable

fortinet · fortianalyzer (up to 7.4.4)vulnerable

fortinet · fortianalyzer_cloud (up to 7.2.7)vulnerable

fortinet · fortianalyzer_cloud (up to 7.4.3)vulnerable

fortinet · fortimanager (up to 7.2.6)vulnerable

fortinet · fortimanager (up to 7.4.4)vulnerable

fortinet · fortimanager_cloud (up to 7.2.7)vulnerable

fortinet · fortimanager_cloud (up to 7.4.4)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-127

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs