cve/2024/CVE-2024-45331.md

### [CVE-2024-45331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45331)
![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Escalation%20of%20privilege&color=brightgreen)

### Description

A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds