7.8
CVE-2024-45331
- EPSS 0.2%
- Veröffentlicht 16.01.2025 09:15:06
- Zuletzt bearbeitet 08.07.2026 14:16:53
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 7.2.6
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortianalyzer Cloud Version >= 6.4.1 < 7.2.7
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.3
Fortinet ≫ Fortimanager Version >= 6.4.0 < 7.2.6
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortimanager Cloud Version >= 7.0.1 < 7.2.7
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
https://fortiguard.fortinet.com/psirt/FG-IR-24-127