cvelistv5 - cve-2024-33505

cve-2024-33505

Vulnerability from cvelistv5

Published

2024-11-12 18:53

Modified

2024-11-12 20:54

Severity ?

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

Summary

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-125	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Fortinet

FortiAnalyzer

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.5
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*

Fortinet

FortiManager

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.5
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
Version: 6.2.0   ≤ 6.2.13
Version: 6.0.0   ≤ 6.0.12
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-33505",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-12T20:54:33.794284Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:54:41.759Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiAnalyzer",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.5",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.13",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.15",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiManager",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.5",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.13",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.15",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.2.13",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.0.12",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "Escalation of privilege",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-12T18:53:56.870Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
               url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAP-U version 7.0.4 or above \nPlease upgrade to FortiClient (all) version 7.4.0 or above \nPlease upgrade to FortiClient (all) version 7.2.5 or above \nPlease upgrade to FortiClient (all) version 7.0.13 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAP version 7.6.0 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiClientEMS version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2024-33505",
      datePublished: "2024-11-12T18:53:56.870Z",
      dateReserved: "2024-04-23T14:18:29.830Z",
      dateUpdated: "2024-11-12T20:54:41.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-33505\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-11-12T19:15:09.500\",\"lastModified\":\"2025-01-31T17:41:27.897\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de búfer basado en montón en Fortinet FortiAnalyzer versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14 permite a un atacante escalar privilegios a través de solicitudes http especialmente manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"AF309EFD-1770-44AF-B192-3D9816F792CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"7.2.7\",\"matchCriteriaId\":\"DFDD1168-61E8-4974-A1F4-8F262431C399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"E4490512-36ED-4212-9D34-D74739A56E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.1\",\"versionEndExcluding\":\"7.2.7\",\"matchCriteriaId\":\"A941ABF0-5959-48FE-BFFF-20BB78E02C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.1\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"7F0FB078-A95E-4AFC-B4A9-A8C43E997A78\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-125\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33505\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T20:54:33.794284Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T20:54:37.901Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.12\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiAnalyzer version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer version 7.2.6 or above \\nPlease upgrade to FortiManager version 7.4.3 or above \\nPlease upgrade to FortiManager version 7.2.6 or above \\nPlease upgrade to FortiAP-U version 7.0.4 or above \\nPlease upgrade to FortiClient (all) version 7.4.0 or above \\nPlease upgrade to FortiClient (all) version 7.2.5 or above \\nPlease upgrade to FortiClient (all) version 7.0.13 or above \\nPlease upgrade to FortiManager Cloud version 7.4.3 or above \\nPlease upgrade to FortiManager Cloud version 7.2.7 or above \\nPlease upgrade to FortiAP version 7.6.0 or above \\nPlease upgrade to FortiAP version 7.4.3 or above \\nPlease upgrade to FortiClientEMS version 7.2.7 or above \\nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-125\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-125\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"Escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2024-11-12T18:53:56.870Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-33505\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T20:54:41.759Z\", \"dateReserved\": \"2024-04-23T14:18:29.830Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2024-11-12T18:53:56.870Z\", \"assignerShortName\": \"fortinet\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

gsd-2024-33505

Vulnerability from gsd

Modified

2024-04-24 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-33505

JSON

To clipboard

{
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2024-33505",
         ],
         id: "GSD-2024-33505",
         modified: "2024-04-24T05:02:09.761772Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2024-33505",
            STATE: "RESERVED",
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
               },
            ],
         },
      },
   },
}

fkie_cve-2024-33505

Vulnerability from fkie_nvd

Published

2024-11-12 19:15

Modified

2025-01-31 17:41

Severity ?

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-125	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortianalyzer	*
fortinet	fortianalyzer	*
fortinet	fortimanager	*
fortinet	fortimanager	*
fortinet	fortimanager_cloud	*
fortinet	fortimanager_cloud	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06",
                     versionEndExcluding: "7.2.6",
                     versionStartIncluding: "6.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF309EFD-1770-44AF-B192-3D9816F792CB",
                     versionEndExcluding: "7.4.3",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFDD1168-61E8-4974-A1F4-8F262431C399",
                     versionEndExcluding: "7.2.7",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4490512-36ED-4212-9D34-D74739A56E84",
                     versionEndExcluding: "7.4.3",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A941ABF0-5959-48FE-BFFF-20BB78E02C74",
                     versionEndExcluding: "7.2.7",
                     versionStartIncluding: "6.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F0FB078-A95E-4AFC-B4A9-A8C43E997A78",
                     versionEndExcluding: "7.4.3",
                     versionStartIncluding: "7.4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests",
      },
      {
         lang: "es",
         value: "Un desbordamiento de búfer basado en montón en Fortinet FortiAnalyzer versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14 permite a un atacante escalar privilegios a través de solicitudes http especialmente manipuladas.",
      },
   ],
   id: "CVE-2024-33505",
   lastModified: "2025-01-31T17:41:27.897",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.4,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-11-12T19:15:09.500",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-pgmr-p79v-f7mc

Vulnerability from github

Published

2024-11-12 21:30

Modified

2024-11-12 21:30

Severity ?

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2024-33505",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-122",
         "CWE-787",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-11-12T19:15:09Z",
      severity: "MODERATE",
   },
   details: "A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests",
   id: "GHSA-pgmr-p79v-f7mc",
   modified: "2024-11-12T21:30:52Z",
   published: "2024-11-12T21:30:52Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-33505",
      },
      {
         type: "WEB",
         url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
         type: "CVSS_V3",
      },
   ],
}

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3447 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3447 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-267",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-396",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-098",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-099",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-115",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-116",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-125",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-179",
         },
      ],
      source_lang: "en-US",
      title: "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-11-12T23:00:00.000+00:00",
         generator: {
            date: "2024-11-13T12:16:11.658+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3447",
         initial_release_date: "2024-11-12T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-12T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.4.3",
                           product_id: "T039035",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.4.3",
                           product_id: "T039035-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.6",
                           product_id: "T039036",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.6",
                           product_id: "T039036-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.2.6",
                           product_id: "T039038",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.2.6",
                           product_id: "T039038-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.0.13",
                           product_id: "T039039",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.0.13",
                           product_id: "T039039-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer <6.4.15",
                           product_id: "T039040",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer 6.4.15",
                           product_id: "T039040-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.4.1",
                           product_id: "T039041",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.4.1",
                           product_id: "T039041-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.7",
                           product_id: "T039042",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.7",
                           product_id: "T039042-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.8",
                           product_id: "T039046",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.8",
                           product_id: "T039046-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.4.3",
                           product_id: "T039047",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.4.3",
                           product_id: "T039047-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.2.7",
                           product_id: "T039048",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.2.7",
                           product_id: "T039048-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiAnalyzer",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiManager <7.4.3",
                           product_id: "T039037",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiManager 7.4.3",
                           product_id: "T039037-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiManager <7.2.6",
                           product_id: "T039043",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiManager 7.2.6",
                           product_id: "T039043-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiManager <7.0.13",
                           product_id: "T039044",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiManager 7.0.13",
                           product_id: "T039044-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiManager <6.4.15",
                           product_id: "T039045",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiManager 6.4.15",
                           product_id: "T039045-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.4.3",
                           product_id: "T039049",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.4.3",
                           product_id: "T039049-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.2.6",
                           product_id: "T039050",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.2.6",
                           product_id: "T039050-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.2.6",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiManager",
               },
            ],
            category: "vendor",
            name: "Fortinet",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-44255",
         notes: [
            {
               category: "description",
               text: "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitslücke ist auf eine fehlerhafte Zugriffskontrolle zurückzuführen, die zur Offenlegung personenbezogener Daten führt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2023-44255",
      },
      {
         cve: "CVE-2024-23666",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erhöhte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuführen, indem er speziell gestaltete Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-23666",
      },
      {
         cve: "CVE-2024-31496",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle über die CLI beliebigen Code auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-31496",
      },
      {
         cve: "CVE-2024-32116",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu löschen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32116",
      },
      {
         cve: "CVE-2024-32118",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgemäße Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem führt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er bestimmte CLI-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32118",
      },
      {
         cve: "CVE-2024-33505",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Pufferüberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erhöhte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschränkten Privilegien auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039045",
               "T039044",
               "T039050",
               "T039040",
               "T039039",
               "T039047",
               "T039035",
               "T039038",
               "T039049",
               "T039037",
               "T039048",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-33505",
      },
      {
         cve: "CVE-2024-35274",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitslücke besteht aufgrund einer fehlerhaften Dateipfadbeschränkung, die eingeschränkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um über manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-35274",
      },
      {
         cve: "CVE-2024-32117",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zurückzuführen, das dazu führt, dass Einschränkungen für Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32117",
      },
   ],
}

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3447 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3447 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-267",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-396",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-098",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-099",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-115",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-116",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-125",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-179",
         },
      ],
      source_lang: "en-US",
      title: "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-11-12T23:00:00.000+00:00",
         generator: {
            date: "2024-11-13T12:16:11.658+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3447",
         initial_release_date: "2024-11-12T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-12T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.4.3",
                           product_id: "T039035",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.4.3",
                           product_id: "T039035-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.6",
                           product_id: "T039036",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.6",
                           product_id: "T039036-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.2.6",
                           product_id: "T039038",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.2.6",
                           product_id: "T039038-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.0.13",
                           product_id: "T039039",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.0.13",
                           product_id: "T039039-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer <6.4.15",
                           product_id: "T039040",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer 6.4.15",
                           product_id: "T039040-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.4.1",
                           product_id: "T039041",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.4.1",
                           product_id: "T039041-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.7",
                           product_id: "T039042",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.7",
                           product_id: "T039042-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.8",
                           product_id: "T039046",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.8",
                           product_id: "T039046-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.4.3",
                           product_id: "T039047",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.4.3",
                           product_id: "T039047-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.2.7",
                           product_id: "T039048",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.2.7",
                           product_id: "T039048-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiAnalyzer",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiManager <7.4.3",
                           product_id: "T039037",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiManager 7.4.3",
                           product_id: "T039037-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiManager <7.2.6",
                           product_id: "T039043",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiManager 7.2.6",
                           product_id: "T039043-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiManager <7.0.13",
                           product_id: "T039044",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiManager 7.0.13",
                           product_id: "T039044-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiManager <6.4.15",
                           product_id: "T039045",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiManager 6.4.15",
                           product_id: "T039045-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.4.3",
                           product_id: "T039049",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.4.3",
                           product_id: "T039049-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.2.6",
                           product_id: "T039050",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.2.6",
                           product_id: "T039050-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.2.6",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiManager",
               },
            ],
            category: "vendor",
            name: "Fortinet",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-44255",
         notes: [
            {
               category: "description",
               text: "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitslücke ist auf eine fehlerhafte Zugriffskontrolle zurückzuführen, die zur Offenlegung personenbezogener Daten führt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2023-44255",
      },
      {
         cve: "CVE-2024-23666",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erhöhte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuführen, indem er speziell gestaltete Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-23666",
      },
      {
         cve: "CVE-2024-31496",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle über die CLI beliebigen Code auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-31496",
      },
      {
         cve: "CVE-2024-32116",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu löschen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32116",
      },
      {
         cve: "CVE-2024-32118",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgemäße Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem führt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er bestimmte CLI-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32118",
      },
      {
         cve: "CVE-2024-33505",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Pufferüberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erhöhte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschränkten Privilegien auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039045",
               "T039044",
               "T039050",
               "T039040",
               "T039039",
               "T039047",
               "T039035",
               "T039038",
               "T039049",
               "T039037",
               "T039048",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-33505",
      },
      {
         cve: "CVE-2024-35274",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitslücke besteht aufgrund einer fehlerhaften Dateipfadbeschränkung, die eingeschränkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um über manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-35274",
      },
      {
         cve: "CVE-2024-32117",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zurückzuführen, das dazu führt, dass Einschränkungen für Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32117",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-33505

Vulnerability from cvelistv5

gsd-2024-33505

Vulnerability from gsd

fkie_cve-2024-33505

Vulnerability from fkie_nvd

ghsa-pgmr-p79v-f7mc

Vulnerability from github

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature