Description
A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands
Published: 2025-01-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Upgrade to FortiManager Cloud version 7.4.4 or above Upgrade to FortiManager Cloud version 7.2.7 or above Upgrade to FortiAnalyzer Cloud version 7.4.3 or above Upgrade to FortiAnalyzer Cloud version 7.2.7 or above Upgrade to FortiManager version 7.6.0 or above Upgrade to FortiManager version 7.4.4 or above Upgrade to FortiManager version 7.2.6 or above Upgrade to FortiAnalyzer version 7.4.4 or above Upgrade to FortiAnalyzer version 7.2.6 or above

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-41276 A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands
First Time appeared Fortinet fortianalyzercloud
CPEs cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzercloud
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C'}

cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}


Mon, 03 Feb 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud

Thu, 16 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jan 2025 09:15:00 +0000

Type Values Removed Values Added
Description A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
First Time appeared Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Weaknesses CWE-266
CPEs cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C'}


Subscriptions

Fortinet Fortianalyzer Fortianalyzer Cloud Fortianalyzercloud Fortimanager Fortimanager Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-08T14:04:10.664Z

Reserved: 2024-08-27T06:43:07.251Z

Link: CVE-2024-45331

cve-icon Vulnrichment

Updated: 2025-01-16T14:19:15.660Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-16T09:15:06.500

Modified: 2026-06-17T07:54:02.613

Link: CVE-2024-45331

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses