Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0197
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | N/A | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.6 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.16 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiIsolator versions 2.4.x antérieures à 2.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.7 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
},
{
"name": "CVE-2024-45328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
},
{
"name": "CVE-2024-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
},
{
"name": "CVE-2024-54018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
},
{
"name": "CVE-2024-54027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
},
{
"name": "CVE-2023-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
},
{
"name": "CVE-2023-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
},
{
"name": "CVE-2024-32123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
},
{
"name": "CVE-2024-55590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
},
{
"name": "CVE-2024-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
},
{
"name": "CVE-2023-40723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
},
{
"name": "CVE-2023-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
},
{
"name": "CVE-2024-55597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
},
{
"name": "CVE-2024-55592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
},
{
"name": "CVE-2024-33501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
},
{
"name": "CVE-2024-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
},
{
"name": "CVE-2024-45324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
},
{
"name": "CVE-2024-55594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
}
],
"initial_release_date": "2025-03-12T00:00:00",
"last_revision_date": "2025-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0197",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
}
]
}
CVE-2024-55592 (GCVE-0-2024-55592)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Improper access control
Summary
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Version: 7.2.0 ≤ 7.2.5 Version: 7.1.0 ≤ 7.1.7 Version: 7.0.0 ≤ 7.0.3 Version: 6.7.0 ≤ 6.7.9 Version: 6.6.0 ≤ 6.6.5 Version: 6.5.0 ≤ 6.5.3 Version: 6.4.0 ≤ 6.4.4 Version: 6.3.0 ≤ 6.3.3 Version: 6.2.0 ≤ 6.2.1 Version: 6.1.0 ≤ 6.1.2 Version: 5.4.0 Version: 5.3.0 ≤ 5.3.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:06:54.927466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:07:03.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:29.067Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.3.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55592",
"datePublished": "2025-03-11T14:54:29.067Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:07:03.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40723 (GCVE-0-2023-40723)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Execute unauthorized code or commands
Summary
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Version: 6.7.0 ≤ 6.7.4 Version: 6.6.0 ≤ 6.6.3 Version: 6.5.0 ≤ 6.5.1 Version: 6.4.0 ≤ 6.4.2 Version: 6.3.0 ≤ 6.3.3 Version: 6.2.0 ≤ 6.2.1 Version: 6.1.0 ≤ 6.1.2 Version: 5.4.0 Version: 5.3.0 ≤ 5.3.3 Version: 5.2.5 ≤ 5.2.8 Version: 5.2.1 ≤ 5.2.2 Version: 5.1.0 ≤ 5.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:49.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.7.4",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.3",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "5.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:28.770Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-117",
"url": "https://fortiguard.com/psirt/FG-IR-23-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.2 or above \nPlease upgrade to FortiSIEM version 7.0.0 or above \nPlease upgrade to FortiSIEM version 6.7.5 or above \nPlease upgrade to FortiSIEM version 6.6.4 or above \nPlease upgrade to FortiSIEM version 6.5.2 or above \nPlease upgrade to FortiSIEM version 6.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-40723",
"datePublished": "2025-03-11T14:54:28.770Z",
"dateReserved": "2023-08-21T09:03:44.316Z",
"dateUpdated": "2025-03-12T04:00:49.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55597 (GCVE-0-2024-55597)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Execute unauthorized code or commands
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:02:35.296753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:06:25.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:26.129Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-439",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-439"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55597",
"datePublished": "2025-03-11T14:54:26.129Z",
"dateReserved": "2024-12-09T11:19:49.472Z",
"dateUpdated": "2025-03-11T16:06:25.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52961 (GCVE-0-2024-52961)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 5.0.0 Version: 4.4.0 ≤ 4.4.6 Version: 4.2.0 ≤ 4.2.7 Version: 4.0.0 ≤ 4.0.5 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.0 ≤ 3.0.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:57.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.0"
},
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:30.498Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-306",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-306"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox Cloud version 24.2 or above \nPlease upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above \nPlease upgrade to FortiSandbox version 4.2.8 or above \nPlease upgrade to FortiSandbox version 4.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-52961",
"datePublished": "2025-03-11T14:54:30.498Z",
"dateReserved": "2024-11-18T13:36:52.464Z",
"dateUpdated": "2025-03-12T04:00:57.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54026 (GCVE-0-2024-54026)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 4.4.0 ≤ 4.4.6 Version: 4.2.0 ≤ 4.2.8 Version: 4.0.0 ≤ 4.0.6 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.0 ≤ 3.0.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:02:30.152318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:02.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.8",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:38.660Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-353",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-353"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54026",
"datePublished": "2025-03-11T14:54:38.660Z",
"dateReserved": "2024-11-27T15:20:39.891Z",
"dateUpdated": "2025-03-11T16:05:02.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55594 (GCVE-0-2024-55594)
Vulnerability from cvelistv5
Published
2025-03-14 16:25
Modified
2025-03-14 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-228 - Execute unauthorized code or commands
Summary
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T16:57:33.359876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T16:58:29.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T16:25:33.078Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-115",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-115"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55594",
"datePublished": "2025-03-14T16:25:33.078Z",
"dateReserved": "2024-12-09T11:19:49.471Z",
"dateUpdated": "2025-03-14T16:58:29.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32123 (GCVE-0-2024-32123)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2
7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.13 Version: 6.0.0 ≤ 6.0.12 Version: 5.6.0 ≤ 5.6.11 Version: 5.4.0 ≤ 5.4.7 Version: 5.2.0 ≤ 5.2.10 Version: 5.0.0 ≤ 5.0.12 Version: 4.3.4 ≤ 4.3.8 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:4.3.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:4.3.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:4.3.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:4.3.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:4.3.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:45.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:4.3.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:4.3.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:4.3.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:4.3.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:4.3.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.11",
"status": "affected",
"version": "5.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.7",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.10",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.8",
"status": "affected",
"version": "4.3.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2\r\n7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:38.345Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-124",
"url": "https://fortiguard.com/psirt/FG-IR-24-124"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer-BigData version 7.4.2 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-32123",
"datePublished": "2025-03-11T14:54:38.345Z",
"dateReserved": "2024-04-11T12:09:46.571Z",
"dateUpdated": "2025-03-12T04:00:45.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33501 (GCVE-0-2024-33501)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Execute unauthorized code or commands
Summary
Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.4 ≤ 6.4.15 Version: 6.2.8 ≤ 6.2.13 Version: 6.0.10 ≤ 6.0.12 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:02:27.551606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:04:54.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two improper neutralization of special elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker\u00a0to execute unauthorized code or commands via specifically crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:41.662Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-130",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-130"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-33501",
"datePublished": "2025-03-11T14:54:41.662Z",
"dateReserved": "2024-04-23T14:18:29.829Z",
"dateUpdated": "2025-03-11T16:04:54.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54018 (GCVE-0-2024-54018)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 4.4.0 ≤ 4.4.4 Version: 4.2.0 ≤ 4.2.6 Version: 4.0.0 ≤ 4.0.6 Version: 3.2.0 ≤ 3.2.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:46.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple\u00a0improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:37.970Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-110",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-110"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 5.0.0 or above \nPlease upgrade to FortiSandbox version 4.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54018",
"datePublished": "2025-03-11T14:54:37.970Z",
"dateReserved": "2024-11-27T15:20:39.890Z",
"dateUpdated": "2025-03-12T04:00:46.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46663 (GCVE-0-2024-46663)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Escalation of privilege
Summary
A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiMail |
Version: 7.6.0 ≤ 7.6.1 Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.8 Version: 6.4.0 ≤ 6.4.8 cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:58.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:31.928Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail version 7.6.2 or above \nPlease upgrade to FortiMail version 7.4.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-46663",
"datePublished": "2025-03-11T14:54:31.928Z",
"dateReserved": "2024-09-11T12:14:59.204Z",
"dateUpdated": "2025-03-12T04:00:58.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42784 (GCVE-0-2023-42784)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-228 - Execute unauthorized code or commands
Summary
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:10:51.450991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:10:57.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:28.924Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-115",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-115"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.6.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-42784",
"datePublished": "2025-03-11T14:54:28.924Z",
"dateReserved": "2023-09-14T08:37:38.656Z",
"dateUpdated": "2025-03-11T16:10:57.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37933 (GCVE-0-2023-37933)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Execute unauthorized code or commands
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.3 Version: 7.0.0 ≤ 7.0.5 Version: 6.2.0 ≤ 6.2.6 Version: 6.1.0 ≤ 6.1.6 Version: 6.0.0 ≤ 6.0.4 Version: 5.4.0 ≤ 5.4.5 Version: 5.3.0 ≤ 5.3.7 cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:48.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.3",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.5",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.7",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1\tand before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:35.895Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-216",
"url": "https://fortiguard.com/psirt/FG-IR-23-216"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.4.1 or above \nPlease upgrade to FortiADC version 7.2.2 or above \nPlease upgrade to FortiADC version 7.1.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-37933",
"datePublished": "2025-03-11T14:54:35.895Z",
"dateReserved": "2023-07-11T08:16:54.092Z",
"dateUpdated": "2025-03-12T04:00:48.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48790 (GCVE-0-2023-48790)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Execute unauthorized code or commands
Summary
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:35.954580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:58.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:31.599Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-48790",
"datePublished": "2025-03-11T14:54:31.599Z",
"dateReserved": "2023-11-19T19:58:38.554Z",
"dateUpdated": "2025-03-11T16:05:58.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45328 (GCVE-0-2024-45328)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Escalation of privilege
Summary
An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 4.4.0 ≤ 4.4.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:56.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:28.909Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-261",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-261"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 5.0.0 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-45328",
"datePublished": "2025-03-11T14:54:28.909Z",
"dateReserved": "2024-08-27T06:43:07.250Z",
"dateUpdated": "2025-03-12T04:00:56.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55590 (GCVE-0-2024-55590)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Version: 2.4.0 ≤ 2.4.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:27.550889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:38.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:34.932Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55590",
"datePublished": "2025-03-11T14:54:34.932Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:05:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52960 (GCVE-0-2024-52960)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-03-11 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-602 - Improper access control
Summary
A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 5.0.0 Version: 4.4.0 ≤ 4.4.6 Version: 4.2.0 ≤ 4.2.7 Version: 4.0.0 ≤ 4.0.6 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.0 ≤ 3.0.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:02:32.647649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:31.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.0"
},
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A client-side enforcement of server-side security vulnerability [CWE-602]\u00a0in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:35.614Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-305",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-305"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above \nPlease upgrade to FortiSandbox version 4.2.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-52960",
"datePublished": "2025-03-11T14:54:35.614Z",
"dateReserved": "2024-11-18T13:36:52.464Z",
"dateUpdated": "2025-03-11T16:05:31.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45324 (GCVE-0-2024-45324)
Vulnerability from cvelistv5
Published
2025-03-11 14:54
Modified
2025-10-16 09:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-134 - Execute unauthorized code or commands
Summary
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.9 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:50.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.16",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.4.2",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSRA",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.4.2",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.19",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T09:43:58.579Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiAuthenticator version 7.0.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.3 or above\nUpgrade to upcoming FortiPAM version 1.3.2 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.10 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiOS version 6.2.17 or above\nFortinet remediated this issue in FortiSASE version 24.4.b1 and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.1 or above\nUpgrade to FortiProxy version 7.4.7 or above\nUpgrade to FortiProxy version 7.2.13 or above\nUpgrade to FortiProxy version 7.0.20 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiSRA version 1.4.3 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.6 or above\nUpgrade to FortiWeb version 7.2.11 or above\nUpgrade to FortiWeb version 7.0.11 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-45324",
"datePublished": "2025-03-11T14:54:33.810Z",
"dateReserved": "2024-08-27T06:43:07.250Z",
"dateUpdated": "2025-10-16T09:43:58.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54027 (GCVE-0-2024-54027)
Vulnerability from cvelistv5
Published
2025-03-17 13:05
Modified
2025-03-18 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Improper access control
Summary
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox |
Version: 5.0.0 Version: 4.4.0 ≤ 4.4.6 Version: 4.2.0 ≤ 4.2.7 Version: 4.0.0 ≤ 4.0.5 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.5 ≤ 3.0.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T03:55:15.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.0"
},
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:05:31.108Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above \nPlease upgrade to FortiSandbox version 4.2.8 or above \nPlease upgrade to FortiSandbox version 4.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54027",
"datePublished": "2025-03-17T13:05:31.108Z",
"dateReserved": "2024-11-27T15:20:39.891Z",
"dateUpdated": "2025-03-18T03:55:15.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…