CVE-2024-54020
published 2025-05-28CVE-2024-54020: A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 7.0.0 < 7.0.8 | 7.0.8 |
| fortinet | fortimanager | 7.0.0 – 7.0.7 | — |
| fortinet | fortimanager | >= 7.2.0 < 7.2.2 | 7.2.2 |
| fortinet | fortimanager | 7.2.0 – 7.2.1 | — |
| fortinet | fortinet | — | — |