CVE-2024-33503

{"id": "CVE-2024-33503", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-14T14:15:29.517", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands"}, {"lang": "es", "value": "Una gesti\u00f3n de privilegios incorrecta en Fortinet FortiManager versi\u00f3n 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14 permite a los atacantes escalar privilegios a trav\u00e9s de comandos de shell espec\u00edficos."}], "lastModified": "2025-01-31T17:36:27.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06", "versionEndExcluding": "7.2.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6F162A7-0D01-43E0-99D8-D7B87B080853", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BFF3B9-3927-4B15-A573-4EDB20362841", "versionEndExcluding": "7.2.7", "versionStartIncluding": "6.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40C3665B-3E49-4D0C-B924-266D49F1E510", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71CC4AA3-04CC-49CA-A012-E28C4D1F11DE", "versionEndExcluding": "7.2.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE9CAFD-5D5B-4799-8690-624225963595", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75DA0ED6-C606-4763-A7B0-575F8061237A", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.0.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}