cvelist/2024/33xxx/CVE-2024-33502.json
2025-01-14 15:01:02 +00:00


{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-33502",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager and FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.0",
"version_value": "7.4.2"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.5"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.13"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.15"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.13"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.12"
}
]
}
},
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.0",
"version_value": "7.4.2"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.5"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.13"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.15"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.13"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-143",
"refsource": "MISC",
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-143"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C"
}
]
}
}