diff --git a/2024/45xxx/CVE-2024-45331.json b/2024/45xxx/CVE-2024-45331.json
index f650f009ff7..5429e24759c 100644
--- a/2024/45xxx/CVE-2024-45331.json
+++ b/2024/45xxx/CVE-2024-45331.json
@@ -1,17 +1,130 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45331",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiAnalyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.4.0",
+ "version_value": "7.4.3"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.5"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "7.0.13"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.4.0",
+ "version_value": "6.4.15"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.4.0",
+ "version_value": "7.4.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.5"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "7.0.13"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.4.0",
+ "version_value": "6.4.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127",
+ "refsource": "MISC",
+ "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"
 }
 ]
 }
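Review bot: The structured `affects` block lists only FortiAnalyzer and FortiManager, while the description in the same hunk also names FortiAnalyzer Cloud (7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7) and the `solution` text names FortiManager Cloud, so scanners and asset matchers that key on `product_data` will not flag the Cloud products. A FortiAnalyzer Cloud entry built from the description's ranges is given below; FortiManager Cloud ranges do not appear anywhere in this record and would have to come from the FG-IR-24-127 advisory. Separately, `"baseScore": 6.9` with `"baseSeverity": "MEDIUM"` appears to be the temporal score: the base metrics in `vectorString` work out to 7.3 (HIGH) under the CVSS 3.1 formula, and 6.9 only results after applying `E:P`, so triage keyed on `baseScore` will under-rank this issue. The solution text also names no fixed release for the affected 7.0 and 6.4 branches, which is worth stating explicitly if the intent is that those branches must migrate.

```json
{
    "product_name": "FortiAnalyzer Cloud",
    "version": {
        "version_data": [
            {
                "version_affected": "<=",
                "version_name": "7.4.1",
                "version_value": "7.4.2"
            },
            {
                "version_affected": "<=",
                "version_name": "7.2.1",
                "version_value": "7.2.6"
            },
            {
                "version_affected": "<=",
                "version_name": "7.0.1",
                "version_value": "7.0.13"
            },
            {
                "version_affected": "<=",
                "version_name": "6.4.1",
                "version_value": "6.4.7"
            }
        ]
    }
}
```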