Platform
fortinet
Component
fortianalyzer-fortimanager
Fixed in
7.4.4
7.2.6
7.0.14
6.4.16
7.4.3
7.2.6
7.0.14
6.4.16
CVE-2024-45331 is a privilege escalation vulnerability affecting Fortinet FortiAnalyzer and FortiManager devices. An incorrect privilege assignment allows an attacker to execute specific shell commands and gain elevated privileges within the system. Successful exploitation could lead to unauthorized access to sensitive data and control over the affected device, potentially impacting the entire network. This vulnerability impacts FortiAnalyzer versions 6.4.0 through 7.4.3, FortiManager versions 6.4.0 through 7.4.2, and related cloud versions. A fix is available in version 7.4.4.
The impact of CVE-2024-45331 is significant due to the potential for complete system compromise. An attacker who successfully exploits this vulnerability can gain administrative access to the FortiAnalyzer or FortiManager device. This elevated access allows them to modify configurations, access sensitive data such as logs and security policies, and potentially pivot to other systems on the network. The blast radius extends beyond the affected device, as an attacker could use it as a launchpad for further attacks. The ability to execute arbitrary shell commands is a critical security risk, similar to vulnerabilities that allow for remote code execution. Compromise of the FortiAnalyzer or FortiManager could lead to data breaches, denial of service, and disruption of security operations.
CVE-2024-45331 was published on January 16, 2025. The vulnerability's EPSS score is currently pending evaluation, but the ability to escalate privileges via shell commands suggests a potential for active exploitation. Public proof-of-concept (POC) code may emerge, increasing the risk. Monitor security advisories and threat intelligence feeds for updates on exploitation activity. Refer to the Fortinet security advisory for detailed information and mitigation guidance.
Exploit Status
EPSS
0.18% (39% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-45331 is to upgrade to FortiAnalyzer/FortiManager version 7.4.4 or later. Before upgrading, review the Fortinet advisory for any potential compatibility issues or breaking changes. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to the management interface and implementing strict access controls. Monitor system logs for suspicious activity, particularly shell command executions. While a WAF or proxy cannot directly prevent this privilege escalation, they can help detect and block malicious traffic attempting to exploit the vulnerability. Consider implementing Sigma or YARA rules to detect suspicious shell command patterns indicative of exploitation attempts. After upgrading, confirm the fix by attempting to execute the vulnerable shell commands and verifying that they are no longer successful.
Actualice FortiAnalyzer y FortiManager a la última versión disponible. Consulte el advisory de Fortinet (FG-IR-24-127) para obtener detalles específicos sobre las versiones corregidas y las instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-45331 is a privilege escalation vulnerability in Fortinet FortiAnalyzer and FortiManager devices, allowing attackers to gain elevated access via shell commands.
You are affected if you are running FortiAnalyzer or FortiManager versions 6.4.0 through 7.4.3, or related cloud versions. Check your version against the affected range.
Upgrade to FortiAnalyzer/FortiManager version 7.4.4 or later. Review Fortinet's advisory for upgrade instructions and potential compatibility issues.
While no active campaigns are currently confirmed, the vulnerability's nature suggests a potential for exploitation, and monitoring is recommended.
Refer to the Fortinet security advisory and the National Vulnerability Database (NVD) entry for CVE-2024-45331 for detailed information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.