Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.

Published

2024-10-08T15:15:15.010

Last Modified

2024-10-19T00:41:09.717

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-134
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortianalyzer	≤ 7.2.5	Yes
Application	fortinet	fortianalyzer	≤ 7.4.3	Yes
Application	fortinet	fortianalyzer_cloud	≤ 7.2.6	Yes
Application	fortinet	fortianalyzer_cloud	≤ 7.4.3	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-196 Vendor Advisory ([email protected])