CVE-2024-36505

CVE Database · CVE-2024-36505

CVE-2024-36505

· MEDIUMAnalyzed

CVSS v3.1

5.1

EPSS

0.16%

Published

Aug 13, 2024

Modified

Aug 22, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-284

Affected Products (4)

fortinet · fortiosvulnerable

fortinet · fortios (up to 7.0.15)vulnerable

fortinet · fortios (up to 7.2.8)vulnerable

fortinet · fortios (up to 7.4.4)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-012

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs