CVE-2024-54020

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

CVSS v3 2.3 LOW

2.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-023	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::

History

No history.

Information

Published : 2025-05-28 08:15

Updated : 2025-06-04 14:34

NVD link : CVE-2024-54020

Mitre link : CVE-2024-54020

CVE.ORG link : CVE-2024-54020

JSON object : View

Products Affected

fortinet

fortimanager

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-54020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-05-28T08:15:20.043", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests."}, {"lang": "es", "value": "Una autorizaci\u00f3n faltante en las versiones 7.2.0 a 7.2.1 y 7.0.0 a 7.0.7 de Fortinet FortiManager puede permitir que un atacante autenticado sobrescriba las fuentes de amenazas globales a trav\u00e9s de solicitudes de actualizaci\u00f3n manipuladas."}], "lastModified": "2025-06-04T14:34:54.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5248A7F-5122-4C07-8A4C-FE7A0BA07CF2", "versionEndExcluding": "7.0.8", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C654DFBA-E3B0-4865-9088-13385A428E78", "versionEndExcluding": "7.2.2", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}