PT-2024-25282 · Fortinet · FortiAnalyzer, FortiManager

Published: 2024-11-12 · Updated: 2025-01-31 · CVE-2024-33505

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
FortiAnalyzer versions 6.4.0 through 6.4.14
FortiAnalyzer versions 7.0.0 through 7.0.12
FortiAnalyzer versions 7.2.0 through 7.2.5
FortiAnalyzer versions 7.4.0 through 7.4.2
FortiManager versions 6.4.0 through 6.4.14
FortiManager versions 7.0.0 through 7.0.12
FortiManager versions 7.2.0 through 7.2.5
FortiManager versions 7.4.0 through 7.4.2
Description
A heap-based buffer overflow in the command line interface (CLI) of Fortinet FortiManager and FortiAnalyzer may allow a remote attacker to escalate privileges by sending specially crafted HTTP requests.
Recommendations
For FortiAnalyzer versions 6.4.0 through 6.4.14, update to a version outside of this range to resolve the issue.
For FortiAnalyzer versions 7.0.0 through 7.0.12, update to a version outside of this range to resolve the issue.
For FortiAnalyzer versions 7.2.0 through 7.2.5, update to a version outside of this range to resolve the issue.
For FortiAnalyzer versions 7.4.0 through 7.4.2, update to a version outside of this range to resolve the issue.
For FortiManager versions 6.4.0 through 6.4.14, update to a version outside of this range to resolve the issue.
For FortiManager versions 7.0.0 through 7.0.12, update to a version outside of this range to resolve the issue.
For FortiManager versions 7.2.0 through 7.2.5, update to a version outside of this range to resolve the issue.
For FortiManager versions 7.4.0 through 7.4.2, update to a version outside of this range to resolve the issue.
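The affected-version list and the recommendations above amount to eight inclusive version ranges across two products. The following script is an added example, not part of this advisory and not Fortinet tooling; it encodes exactly those ranges and checks an inventory of appliances against them so that a defender can see which hosts still need updating. Versions are compared numerically, component by component, because a plain string comparison would wrongly treat "7.4.10" as lower than "7.4.2". The advisory only says to move to a version outside each range, so the script reports whether a version is inside an affected range and does not guess at a specific fixed release. The inventory entries are constructed sample data.

```python
from typing import Optional

# Inclusive affected ranges, copied from the advisory for CVE-2024-33505.
AFFECTED_RANGES = {
    "FortiAnalyzer": [
        ("6.4.0", "6.4.14"),
        ("7.0.0", "7.0.12"),
        ("7.2.0", "7.2.5"),
        ("7.4.0", "7.4.2"),
    ],
    "FortiManager": [
        ("6.4.0", "6.4.14"),
        ("7.0.0", "7.0.12"),
        ("7.2.0", "7.2.5"),
        ("7.4.0", "7.4.2"),
    ],
}


def parse_version(version: str) -> tuple:
    """Turn 'major.minor.patch' into a tuple of ints so comparisons are numeric."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)


def affected_range(product: str, version: str) -> Optional[tuple]:
    """Return the (low, high) affected range containing `version`, or None."""
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    parsed = parse_version(version)
    for low, high in ranges:
        if parse_version(low) <= parsed <= parse_version(high):
            return (low, high)
    return None


def is_affected(product: str, version: str) -> bool:
    """True if the given product/version falls inside any affected range."""
    return affected_range(product, version) is not None


def check_inventory(inventory: list) -> list:
    """Return (host, product, version, range) for every inventory entry that is affected.

    Each inventory entry is a (host, product, version) triple.
    """
    findings = []
    for host, product, version in inventory:
        rng = affected_range(product, version)
        if rng is not None:
            findings.append((host, product, version, rng))
    return findings


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("faz-01.example.internal", "FortiAnalyzer", "7.4.2"),   # last affected 7.4.x release
    ("faz-02.example.internal", "FortiAnalyzer", "7.4.10"),  # numerically above 7.4.2
    ("fmg-01.example.internal", "FortiManager", "6.4.14"),   # last affected 6.4.x release
    ("fmg-02.example.internal", "FortiManager", "7.2.6"),    # just outside 7.2.0-7.2.5
]

if __name__ == "__main__":
    for host, product, version, (low, high) in check_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in affected range {low}-{high}; update required")
```

Running the script on the sample inventory flags faz-01 and fmg-01 only; the two hosts on 7.4.10 and 7.2.6 are outside every listed range, which is the property the numeric comparison guarantees.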

Fix · Memory Corruption · Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-01098
CVE-2024-33505

Affected Products

FortiAnalyzer
FortiManager