CVE-2024-45331

HIGH

Fortinet FortiAnalyzer <7.4.3 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands

References (1)

Core 1
Core References

Scores

CVSS v3 7.3
EPSS 0.0020
EPSS Percentile 10.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-266
Status published
Products (16)
Fortinet/FortiAnalyzer 6.4.0 - 6.4.15
fortinet/fortianalyzer 6.4.0 - 7.2.6
Fortinet/FortiAnalyzer 7.0.0 - 7.0.16
Fortinet/FortiAnalyzer 7.2.0 - 7.2.5
Fortinet/FortiAnalyzer 7.4.0 - 7.4.3
Fortinet/FortiAnalyzer Cloud 6.4.1 - 6.4.7
Fortinet/FortiAnalyzer Cloud 7.0.1 - 7.0.16
Fortinet/FortiAnalyzer Cloud 7.2.1 - 7.2.6
Fortinet/FortiAnalyzer Cloud 7.4.1 - 7.4.2
fortinet/fortianalyzer_cloud 6.4.1 - 7.2.7
... and 6 more
Published Jan 16, 2025
Tracked Since Feb 18, 2026