{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35273", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-05-14T21:15:19.188Z", "datePublished": "2025-01-14T14:08:54.379Z", "dateUpdated": "2025-01-14T20:55:51.137Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer", "cpes": ["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager", "cpes": ["cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-01-14T14:08:54.379Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:16:41.659053Z", "id": "CVE-2024-35273", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T20:55:51.137Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-14T15:16:41.659053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:16:42.995Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiAnalyzer", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106"}], "descriptions": [{"lang": "en", "value": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-01-14T14:08:54.379Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35273", "state": "PUBLISHED", "dateUpdated": "2025-01-14T20:55:51.137Z", "dateReserved": "2024-05-14T21:15:19.188Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-01-14T14:08:54.379Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6F162A7-0D01-43E0-99D8-D7B87B080853", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "40C3665B-3E49-4D0C-B924-266D49F1E510", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4490512-36ED-4212-9D34-D74739A56E84", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F0FB078-A95E-4AFC-B4A9-A8C43E997A78", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests."}, {"lang": "es", "value": "Una escritura fuera de los l\u00edmites en Fortinet FortiManager versi\u00f3n 7.4.0 a 7.4.2 y FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.2 permite a un atacante escalar privilegios a trav\u00e9s de solicitudes http especialmente manipuladas."}], "id": "CVE-2024-35273", "lastModified": "2025-01-31T17:38:10.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-14T14:15:29.663", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}