PT-2025-2688 · Fortinet · Fortianalyzer+2

Published: 2025-01-14 · Updated: 2025-02-03 · CVE-2024-45331

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiAnalyzer versions 6.4.0 through 6.4.15
Fortinet FortiAnalyzer versions 7.0.0 through 7.0.13
Fortinet FortiAnalyzer versions 7.2.0 through 7.2.5
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3
Fortinet FortiManager versions 6.4.0 through 6.4.15
Fortinet FortiManager versions 7.0.0 through 7.0.13
Fortinet FortiManager versions 7.2.0 through 7.2.5
Fortinet FortiManager versions 7.4.0 through 7.4.2
Fortinet FortiAnalyzer Cloud versions 6.4.1 through 6.4.7
Fortinet FortiAnalyzer Cloud versions 7.0.1 through 7.0.13
Fortinet FortiAnalyzer Cloud versions 7.2.1 through 7.2.6
Fortinet FortiAnalyzer Cloud versions 7.4.1 through 7.4.2

Description

The issue is related to an incorrect privilege assignment in Fortinet products, allowing an attacker to escalate privileges via specific shell commands.

Recommendations

For Fortinet FortiAnalyzer versions 6.4.0 through 6.4.15, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer versions 7.0.0 through 7.0.13, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer versions 7.2.0 through 7.2.5, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, update to a version outside of this range to resolve the issue.
For Fortinet FortiManager versions 6.4.0 through 6.4.15, update to a version outside of this range to resolve the issue.
For Fortinet FortiManager versions 7.0.0 through 7.0.13, update to a version outside of this range to resolve the issue.
For Fortinet FortiManager versions 7.2.0 through 7.2.5, update to a version outside of this range to resolve the issue.
For Fortinet FortiManager versions 7.4.0 through 7.4.2, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer Cloud versions 6.4.1 through 6.4.7, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer Cloud versions 7.0.1 through 7.0.13, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer Cloud versions 7.2.1 through 7.2.6, update to a version outside of this range to resolve the issue.
For Fortinet FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, update to a version outside of this range to resolve the issue.

Fix

Weakness Enumeration

Improper Privilege Management
Incorrect Privilege Assignment

Related Identifiers

BDU:2025-02659
CVE-2024-45331

Affected Products

Fortianalyzer
Fortianalyzer Cloud
Fortimanager