A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2

The impact of CVE-2024-45331 is significant due to the potential for complete system compromise. An attacker who successfully exploits this vulnerability can gain administrative access to the FortiAnalyzer or FortiManager device. This elevated access allows them to modify configurations, access sensitive data such as logs and security policies, and potentially pivot to other systems on the network. The blast radius extends beyond the affected device, as an attacker could use it as a launchpad for further attacks. The ability to execute arbitrary shell commands is a critical security risk, similar to vulnerabilities that allow for remote code execution. Compromise of the FortiAnalyzer or FortiManager could lead to data breaches, denial of service, and disruption of security operations.

1. आरक्षित2024-08-27
2. प्रकाशित2025-01-16
3. EPSS अद्यतन2026-04-02

The primary mitigation for CVE-2024-45331 is to upgrade to FortiAnalyzer/FortiManager version 7.4.4 or later. Before upgrading, review the Fortinet advisory for any potential compatibility issues or breaking changes. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to the management interface and implementing strict access controls. Monitor system logs for suspicious activity, particularly shell command executions. While a WAF or proxy cannot directly prevent this privilege escalation, they can help detect and block malicious traffic attempting to exploit the vulnerability. Consider implementing Sigma or YARA rules to detect suspicious shell command patterns indicative of exploitation attempts. After upgrading, confirm the fix by attempting to execute the vulnerable shell commands and verifying that they are no longer successful.