CVE-2024-54020

CVE Database · CVE-2024-54020

CVE-2024-54020

· LOWAnalyzed

CVSS v3.1

2.3

EPSS

0.18%

Published

May 28, 2025

Modified

Jun 4, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-862

Affected Products (2)

fortinet · fortimanager (up to 7.0.8)vulnerable

fortinet · fortimanager (up to 7.2.2)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-023

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs