CVE-2024-36505

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

History

22 Aug 2024, 14:36

Type Values Removed Values Added
First Time Fortinet fortios
Fortinet
CPE cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS 7.4.0 a 7.4.3, 7.2.5 a 7.2.7, 7.0.12 a 7.0.14 y 6.4.x puede permitir que un atacante que ya haya obtenido acceso de escritura con éxito al sistema subyacente (a través de otro exploit hipotético) para evitar el sistema de verificación de integridad de archivos.
CVSS v2 : unknown
v3 : 5.1
v2 : unknown
v3 : 5.5
CWE NVD-CWE-Other
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-012 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-012 - Vendor Advisory

13 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 16:15

Updated : 2024-08-22 14:36


NVD link : CVE-2024-36505

Mitre link : CVE-2024-36505

CVE.ORG link : CVE-2024-36505


JSON object : View

Products Affected

fortinet

  • fortios
CWE
NVD-CWE-Other CWE-284

Improper Access Control