7.8

CVE-2024-45331

A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortianalyzer Version >= 6.4.0 < 7.2.6
FortinetFortianalyzer Version >= 7.4.0 < 7.4.4
FortinetFortianalyzer Cloud Version >= 6.4.1 < 7.2.7
FortinetFortianalyzer Cloud Version >= 7.4.1 < 7.4.3
FortinetFortimanager Version >= 6.4.0 < 7.2.6
FortinetFortimanager Version >= 7.4.0 < 7.4.4
FortinetFortimanager Cloud Version >= 7.0.1 < 7.2.7
FortinetFortimanager Cloud Version >= 7.4.1 < 7.4.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.101
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://fortiguard.fortinet.com/psirt/FG-IR-24-127
Vendor Advisory