October 2024 - Fortinet Vulnerabilities
CVE-2024-47575: Code Execution Vulnerability Due to Lack of Authentication in FortiManager
Fortinet FortiManager (versions 7.6.0, 7.4.0 to 7.4.4, 7.2.0 to 7.2.7, 7.0.0 to 7.0.12, 6.4.0 to 6.4.14) and FortiManager Cloud (versions 7.4.1 to 7.4.4, 7.2.1 to 7.2.7, 7.0.1 to 7.0.12, and 6.4.1 to 6.4.7) are missing authentication for a critical function. Attackers can exploit this to execute arbitrary code or commands by sending specially crafted requests.
- Release Date: October 23, 2024
- CVSS Score: 9.8 CRITICAL
- Description: This vulnerability allows code execution on the system without authentication. In enterprise networks that use FortiManager, it poses a severe threat by enabling attackers to compromise system security.
CVE-2024-45330: Privilege Escalation Vulnerability Through Externally Controlled Format String in FortiAnalyzer
In Fortinet FortiAnalyzer versions 7.4.0 to 7.4.3 and 7.2.2 to 7.2.5, a privilege escalation vulnerability exists due to the use of an externally controlled format string. This vulnerability enables attackers to elevate their privileges on the system by sending specially crafted requests.
- Release Date: October 8, 2024
- CVSS Score: 7.2 HIGH
- Description: Format string vulnerabilities often lead to sensitive data leakage and privilege escalation. This vulnerability allows attackers to gain higher access privileges on FortiAnalyzer, presenting a significant risk to system security.
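To check a device inventory against the affected version ranges listed above for both CVEs, the following added example (not Fortinet code) compares versions numerically rather than as strings. The ranges are copied from this page; the host names, the inventory layout and the `MANUAL-REVIEW` marker are assumptions made for the example.

```python
# Affected ranges as listed on this page: (first, last), both inclusive.
AFFECTED = {
    "CVE-2024-47575": {
        "FortiManager": [("7.6.0", "7.6.0"), ("7.4.0", "7.4.4"), ("7.2.0", "7.2.7"),
                         ("7.0.0", "7.0.12"), ("6.4.0", "6.4.14")],
        "FortiManager Cloud": [("7.4.1", "7.4.4"), ("7.2.1", "7.2.7"),
                               ("7.0.1", "7.0.12"), ("6.4.1", "6.4.7")],
    },
    "CVE-2024-45330": {"FortiAnalyzer": [("7.4.0", "7.4.3"), ("7.2.2", "7.2.5")]},
}

def parse_version(text):
    """Turn '7.0.12' into (7, 0, 12); string comparison would rank 7.0.12 below 7.0.9."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def matching_cves(product, version):
    """Return the sorted CVE ids whose listed ranges include this product version."""
    v = parse_version(version)
    return sorted(
        cve for cve, products in AFFECTED.items()
        if any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in products.get(product, []))
    )

def audit(inventory):
    """Map each host to its matching CVEs; unparseable versions need a manual look."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = matching_cves(product, version)
        except ValueError:
            # An incomplete version such as '7.2' must not be silently treated as safe.
            report[host] = ["MANUAL-REVIEW"]
    return report

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("fmg-hq", "FortiManager", "7.0.12"), ("fmg-lab", "FortiManager", "7.4.5"),
    ("faz-dc1", "FortiAnalyzer", "7.2.1"), ("faz-dc2", "FortiAnalyzer", "v7.4.3"),
    ("fmg-cloud", "FortiManager Cloud", "6.4.8"), ("fmg-old", "FortiManager", "7.2"),
]

if __name__ == "__main__":
    for host, cves in audit(SAMPLE_INVENTORY).items():
        print(host, cves or "not in a listed range")
```

A host reported as outside the listed ranges is only outside the ranges given on this page; confirm against the vendor advisory before closing it out.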