CVE-2024-45331 (GCVE-0-2024-45331)
Vulnerability from cvelistv5 – Published: 2025-01-16 08:59 – Updated: 2025-01-16 14:19
VLAI?
Summary
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
Severity ?
CWE
- CWE-266 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAnalyzer |
Affected:
7.4.0 , ≤ 7.4.3
(semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T14:17:17.440183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T14:19:20.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T08:59:23.201Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-45331",
"datePublished": "2025-01-16T08:59:23.201Z",
"dateReserved": "2024-08-27T06:43:07.251Z",
"dateUpdated": "2025-01-16T14:19:20.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45331\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-01-16T09:15:06.500\",\"lastModified\":\"2025-02-03T21:03:06.133\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands\"},{\"lang\":\"es\",\"value\":\"Una asignaci\u00f3n de privilegios incorrecta en las versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de Fortinet FortiAnalyzer, las versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de FortiManager, las versiones 7.4.1 a 7.4.2, 7.2.1 a 7.2.6, 7.0.1 a 7.0.13, 6.4.1 a 6.4.7 de FortiAnalyzer Cloud permite a un atacante escalar privilegios a trav\u00e9s de comandos de shell espec\u00edficos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.4\",\"matchCriteriaId\":\"E6F162A7-0D01-43E0-99D8-D7B87B080853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.1\",\"versionEndExcluding\":\"7.2.7\",\"matchCriteriaId\":\"38BFF3B9-3927-4B15-A573-4EDB20362841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.1\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"40C3665B-3E49-4D0C-B924-266D49F1E510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.4\",\"matchCriteriaId\":\"3AE9CAFD-5D5B-4799-8690-624225963595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.1\",\"versionEndExcluding\":\"7.2.7\",\"matchCriteriaId\":\"75DA0ED6-C606-4763-A7B0-575F8061237A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.1\",\"versionEndExcluding\":\"7.4.4\",\"matchCriteriaId\":\"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-127\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-16T14:17:17.440183Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T14:19:15.660Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.3\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiAnalyzer version 7.4.4 or above \\nPlease upgrade to FortiAnalyzer version 7.2.6 or above \\nPlease upgrade to FortiManager version 7.6.0 or above \\nPlease upgrade to FortiManager version 7.4.4 or above \\nPlease upgrade to FortiManager version 7.2.6 or above \\nPlease upgrade to FortiManager Cloud version 7.4.4 or above \\nPlease upgrade to FortiManager Cloud version 7.2.7 or above \\nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-127\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-127\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"Escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-01-16T08:59:23.201Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45331\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-16T14:19:20.943Z\", \"dateReserved\": \"2024-08-27T06:43:07.251Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-01-16T08:59:23.201Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…