CVE-2024-45330

CWE-134Uncontrolled Format String4 documents4 sources
Severity
7.2HIGH
EPSS
0.3%
top 47.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortianalyzerFortinet Fortianalyzer Cloud
Timeline
PublishedOct 8

Description

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

CVEListV5fortinet/fortianalyzer7.4.07.4.3+1
NVDfortinet/fortianalyzer7.2.27.2.5+1
NVDfortinet/fortianalyzer_cloud7.2.27.2.6+1

🔴Vulnerability Details

2
GHSA
GHSA-gqvm-4224-vpw5: A use of externally-controlled format string in Fortinet FortiAnalyzer versions 72024-10-08
CVEList
CVE-2024-45330: A use of externally-controlled format string in Fortinet FortiAnalyzer versions 72024-10-08

📋Vendor Advisories

1
Fortinet
Format String Bug in fazsvcd2024-10-08
CVE-2024-45330 (HIGH CVSS 7.2) | A use of externally-controlled form | cvebase.io