History: Aug 13, 2024 - 3:51 p.m.

CVE-2024-36505

2024-08-13 15:51:56
CWE-284
fortinet
www.cve.org
improper access control
fortios
vulnerability
file integrity checking

CVSS3: 5.1

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RC:R

EPSS: 0
Percentile: 9.5%

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiOS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.5",
        "lessThanOrEqual": "7.2.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.12",
        "lessThanOrEqual": "7.0.14",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.13",
        "lessThanOrEqual": "6.4.15",
        "status": "affected"
      }
    ]
  }
]
