CVE-2024-33503

EUVD-2024-31241
A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
fortinetfortianalyzer
6.4.0 ≤
𝑥
< 7.2.6
fortinetfortianalyzer
7.4.0 ≤
𝑥
< 7.4.4
fortinetfortianalyzer_cloud
6.4.1 ≤
𝑥
< 7.2.7
fortinetfortianalyzer_cloud
7.4.1 ≤
𝑥
< 7.4.3
fortinetfortimanager
6.4.0 ≤
𝑥
< 7.2.6
fortinetfortimanager
7.4.0 ≤
𝑥
< 7.4.4
fortinetfortimanager_cloud
7.0.1 ≤
𝑥
< 7.2.7
fortinetfortimanager_cloud
7.4.1 ≤
𝑥
< 7.4.4
𝑥
= Vulnerable software versions