CVE-2024-36505 — Improper Access Control in Fortinet Fortios

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.5MEDIUMNVD

CNA5.1

EPSS

0.0%

top 94.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedAug 13

Description

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortios7.0.12 — 7.0.15+3

▶CVEListV5fortinet/fortios7.4.0 — 7.4.3+3

🔴Vulnerability Details

CVEList

CVE-2024-36505: An improper access control vulnerability [CWE-284] in FortiOS 7↗2024-08-13

▶

GHSA

GHSA-44gw-49w9-fmfr: An improper access control vulnerability [CWE-284] in FortiOS 7↗2024-08-13

▶

📋Vendor Advisories

Fortinet

Real-time file system integrity checking write protection bypass↗2024-08-13

▶