Vulnerability Description
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 6.4.0, < 7.2.6 |
| Fortinet | Fortianalyzer Cloud | >= 6.4.1, < 7.2.7 |
| Fortinet | Fortimanager | >= 6.4.0, < 7.2.6 |
| Fortinet | Fortimanager Cloud | >= 7.0.1, < 7.2.7 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-127Vendor Advisory
FAQ
What is CVE-2024-45331?
CVE-2024-45331 is a vulnerability with a CVSS score of 7.3 (HIGH). A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2...
How severe is CVE-2024-45331?
CVE-2024-45331 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45331?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortianalyzer Cloud, Fortinet Fortimanager, Fortinet Fortimanager Cloud.