CVE-2024-45331

EUVD-2024-41276
A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
fortinetfortianalyzer
6.4.0 ≤
𝑥
< 7.2.6
fortinetfortianalyzer
7.4.0 ≤
𝑥
< 7.4.4
fortinetfortianalyzer_cloud
6.4.1 ≤
𝑥
< 7.2.7
fortinetfortianalyzer_cloud
7.4.1 ≤
𝑥
< 7.4.3
fortinetfortimanager
6.4.0 ≤
𝑥
< 7.2.6
fortinetfortimanager
7.4.0 ≤
𝑥
< 7.4.4
fortinetfortimanager_cloud
7.0.1 ≤
𝑥
< 7.2.7
fortinetfortimanager_cloud
7.4.1 ≤
𝑥
< 7.4.4
𝑥
= Vulnerable software versions