CVE-2024-54020

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 65.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 28

Description

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Exploitability: 0.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: fortinet/fortimanager, 7.0.0, 7.0.8, +1
CVEListV5: fortinet/fortimanager, 7.2.0, 7.2.1, +1

🔴 Vulnerability Details (2)

GHSA
GHSA-jj5f-jxf3-25vx: A missing authorization in Fortinet FortiManager versions 7… (2025-05-28)
CVEList
CVE-2024-54020: A missing authorization in Fortinet FortiManager versions 7… (2025-05-28)

📋 Vendor Advisories (1)

Fortinet
Unauthorized modification of global threat feeds (2025-05-28)
CVE-2024-54020 (MEDIUM CVSS 4.3) | A missing authorization in Fortinet | cvebase.io