CVE-2024-47573Improper Validation of Integrity Check Value in Fortinet Fortindr

CWE-354Improper Validation of Integrity Check Value4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 81.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortindr
Timeline
PublishedMar 14

Description

An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

NVDfortinet/fortindr7.0.07.2.2+1
CVEListV5fortinet/fortindr7.4.07.4.2+3

🔴Vulnerability Details

2
GHSA
GHSA-v2mv-99jp-98vc: An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 72025-03-14
CVEList
CVE-2024-47573: An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 72025-03-14

📋Vendor Advisories

1
Fortinet
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2...2025-03-14
CVE-2024-47573 — Fortinet Fortindr vulnerability | cvebase