CVE-2024-33503

MEDIUM

FortiManager/FortiAnalyzer Privilege Escalation via Shell Command Injection

Title source: llm
STIX 2.1

Description

A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands

References (1)

Core 1
Core References

Scores

CVSS v3 6.7
EPSS 0.0021
EPSS Percentile 11.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-266
Status published
Products (11)
fortinet/fortianalyzer 6.4.0 - 7.2.6
fortinet/fortianalyzer_cloud 6.4.1 - 7.2.7
Fortinet/FortiManager 6.4.0 - 6.4.15
fortinet/fortimanager 6.4.0 - 7.2.6
Fortinet/FortiManager 7.0.0 - 7.0.16
Fortinet/FortiManager 7.2.0 - 7.2.5
Fortinet/FortiManager 7.4.0 - 7.4.3
Fortinet/FortiManager Cloud 7.0.1 - 7.0.13
Fortinet/FortiManager Cloud 7.2.1 - 7.2.6
Fortinet/FortiManager Cloud 7.4.1 - 7.4.3
... and 1 more
Published Jan 14, 2025
Tracked Since Feb 18, 2026