7.8
CVE-2024-33503
- EPSS 0.21%
- Veröffentlicht 14.01.2025 14:15:29
- Zuletzt bearbeitet 08.07.2026 14:16:51
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 7.2.6
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortianalyzer Cloud Version >= 6.4.1 < 7.2.7
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.3
Fortinet ≫ Fortimanager Version >= 6.4.0 < 7.2.6
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortimanager Cloud Version >= 7.0.1 < 7.2.7
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.112 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
https://fortiguard.fortinet.com/psirt/FG-IR-24-127