CVE-2024-33503

Medium CVSS: 6.7

A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands

Vendor

Fortinet

Product

Fortianalyzer

CWE

CWE-266

Yayın Tarihi

2025-01-14 14:15:29

Güncelleme

2025-01-31 17:36:27

Source Identifier

psirt@fortinet.com

KEV Date Added

Kategoriler

CWE-266 Fortianalyzer MEDIUM Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-24-127

Benzer Kayıtlar

Critical

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta…

Medium

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, Fort…

High

CVE-2026-25836

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet…

Medium

CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS…

Medium

CVE-2026-25689

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec…

Medium

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7…