7.2
CVE-2024-45330
- EPSS 0.27%
- Veröffentlicht 08.10.2024 15:15:15
- Zuletzt bearbeitet 19.10.2024 00:41:09
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 7.2.2 <= 7.2.5
Fortinet ≫ Fortianalyzer Version >= 7.4.0 <= 7.4.3
Fortinet ≫ Fortianalyzer Cloud Version >= 7.2.2 <= 7.2.6
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 <= 7.4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.27% | 0.505 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
psirt@fortinet.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.