A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
History

Sat, 19 Oct 2024 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer Cloud
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer Cloud

Tue, 08 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Description A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
First Time appeared Fortinet
Fortinet fortianalyzer
Weaknesses CWE-134
CPEs cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-10-08T14:19:03.894Z

Updated: 2024-10-08T16:00:13.750Z

Reserved: 2024-08-27T06:43:07.251Z

Link: CVE-2024-45330

cve-icon Vulnrichment

Updated: 2024-10-08T16:00:07.439Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-08T15:15:15.010

Modified: 2024-10-19T00:41:09.717

Link: CVE-2024-45330

cve-icon Redhat

No data.