7.8

CVE-2024-33503

A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortianalyzer Version >= 6.4.0 < 7.2.6
FortinetFortianalyzer Version >= 7.4.0 < 7.4.4
FortinetFortianalyzer Cloud Version >= 6.4.1 < 7.2.7
FortinetFortianalyzer Cloud Version >= 7.4.1 < 7.4.3
FortinetFortimanager Version >= 6.4.0 < 7.2.6
FortinetFortimanager Version >= 7.4.0 < 7.4.4
FortinetFortimanager Cloud Version >= 7.0.1 < 7.2.7
FortinetFortimanager Cloud Version >= 7.4.1 < 7.4.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.112
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://fortiguard.fortinet.com/psirt/FG-IR-24-127
Vendor Advisory