Rewterz

Multiple Fortinet FortiAnalyzer and FortiManager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-45330 (CVSS 7.2)

A use of an externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests.

CVE-2024-33506 (CVSS 3.3)

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, and 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access the device summary of ADOMs they are not authorized for via crafted HTTP requests.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-45330
  • CVE-2024-33506

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiAnalyzer 7.4.0 - 7.4.3
  • Fortinet FortiAnalyzer 7.2.2 - 7.2.5
  • Fortinet FortiManager 7.4.0 - 7.4.2
  • Fortinet FortiManager 7.2.0 - 7.2.5
  • Fortinet FortiManager 7.0 All Versions
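As an added example (not part of the Rewterz advisory), the following Python check encodes the affected version ranges stated in the Analysis Summary and flags inventory entries that fall inside them. The `get system status` banner lines and build numbers are constructed samples, and the `Version:` line format is assumed.

```python
import re
from typing import Iterable

# Inclusive affected ranges as stated in the advisory's Analysis Summary.
# FortiManager "7.0.12 and below" is encoded as the 7.0.0 - 7.0.12 branch.
AFFECTED = {
    "FortiAnalyzer": {
        "CVE-2024-45330": [((7, 4, 0), (7, 4, 3)), ((7, 2, 2), (7, 2, 5))],
    },
    "FortiManager": {
        "CVE-2024-33506": [((7, 4, 0), (7, 4, 2)), ((7, 2, 0), (7, 2, 5)),
                           ((7, 0, 0), (7, 0, 12))],
    },
}

def parse_version(text: str) -> tuple:
    """Turn '7.4.2', 'v7.4.2' or 'v7.4.2-build2571' into (7, 4, 2)."""
    core = text.strip().lstrip("vV").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def version_from_status(output: str) -> str:
    """Pull the version token from a 'Version:' line of CLI status output (assumed format)."""
    m = re.search(r"^Version:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no Version: line in output")
    return m.group(1)

def affected_cves(product: str, version: str) -> list:
    """Return the advisory CVEs whose ranges contain this product version."""
    v = parse_version(version)
    return [cve for cve, ranges in AFFECTED.get(product, {}).items()
            if any(lo <= v <= hi for lo, hi in ranges)]

def triage(inventory: Iterable) -> list:
    """Rows are (hostname, product, status_output); returns rows that need a fixed release."""
    findings = []
    for host, product, status in inventory:
        cves = affected_cves(product, version_from_status(status))
        if cves:
            findings.append((host, product, cves))
    return findings

# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE = [
    ("fmg-01", "FortiManager", "Version: v7.4.2-build0000 (GA)"),
    ("faz-01", "FortiAnalyzer", "Version: v7.4.4-build0000 (GA)"),
    ("faz-02", "FortiAnalyzer", "Version: v7.2.5-build0000 (GA)"),
]

if __name__ == "__main__":
    for host, product, cves in triage(SAMPLE):
        print(f"{host} ({product}): {', '.join(cves)}")
```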

Remediation

Refer to the Fortinet FortiGuard security advisories for the relevant CVEs for patch, upgrade, or suggested workaround information.

  • CVE-2024-45330
  • CVE-2024-33506