Lucene search

[email protected]NVD:CVE-2024-36505

HistoryAug 13, 2024 - 4:15 p.m.

CVE-2024-36505

2024-08-1316:15:08

CWE-284

[email protected]

web.nvd.nist.gov

improper access control

fortios

bypassing file integrity

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.5%

JSON

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

Affected configurations

Nvd

Node

fortinetfortiosRange6.4.13–6.4.15

fortinetfortiosRange7.0.12–7.0.15

fortinetfortiosRange7.2.5–7.2.8

fortinetfortiosRange7.4.0–7.4.4

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.fortinet.com/psirt/FG-IR-24-012

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-36505

cve1 nessus1 vulnrichment1 cvelist1