An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-54071 An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Fixes

Solution

Please upgrade to FortiNDR version 7.4.3 or above Please upgrade to FortiNDR version 7.2.2 or above


Workaround

No workaround given by the vendor.

History

Thu, 24 Jul 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00025}

epss

{'score': 0.00034}


Fri, 14 Mar 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 14 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Description An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Weaknesses CWE-354
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:X/RC:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-03-14T17:53:27.052Z

Reserved: 2024-09-27T16:19:24.136Z

Link: CVE-2024-47573

cve-icon Vulnrichment

Updated: 2025-03-14T17:53:23.243Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-14T15:15:43.363

Modified: 2025-07-24T18:53:45.137

Link: CVE-2024-47573

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T21:06:52Z