From c9b18a37ab27eb0ca4b81868e3ba4a0a042c70da Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Jan 2025 09:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/45xxx/CVE-2024-45331.json | 121 +++++++++++++++++++++++++++++++-- 1 file changed, 117 insertions(+), 4 deletions(-) diff --git a/2024/45xxx/CVE-2024-45331.json b/2024/45xxx/CVE-2024-45331.json index f650f009ff7..5429e24759c 100644 --- a/2024/45xxx/CVE-2024-45331.json +++ b/2024/45xxx/CVE-2024-45331.json @@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiAnalyzer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.3" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.5" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.13" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.15" + } + ] + } + }, + { + "product_name": "FortiManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.2" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.5" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.13" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", + "refsource": "MISC", + "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] }