October 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-45330 CVSS:7.2
A use of an externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests.
CVE-2024-33506 CVSS:3.3
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, and 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access the device summary of unauthorized ADOMs via crafted HTTP requests.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-45330
- CVE-2024-33506
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiAnalyzer 7.4.0 - 7.4.3
- Fortinet FortiAnalyzer 7.2.2 - 7.2.5
- Fortinet FortiManager 7.4.0 - 7.4.2
- Fortinet FortiManager 7.2.0 - 7.2.5
- Fortinet FortiManager 7.0 All Versions
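To turn the affected-product list above into an inventory check, the following added example (not part of the advisory, and not Fortinet code) transcribes the version ranges stated in the analysis summary and flags which CVE applies to a given FortiAnalyzer or FortiManager version string; the host names and versions in the sample inventory are constructed.

```python
"""Triage FortiAnalyzer / FortiManager versions against the affected ranges
listed in this advisory (CVE-2024-45330, CVE-2024-33506).

The ranges are transcribed from the advisory text; the inventory below is
constructed sample data, not real hosts."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# (product, CVE, lowest affected, highest affected), as stated in the advisory.
# FortiManager 7.0 is bounded at 7.0.12 per the CVE-2024-33506 description.
AFFECTED = [
    ("FortiAnalyzer", "CVE-2024-45330", (7, 4, 0), (7, 4, 3)),
    ("FortiAnalyzer", "CVE-2024-45330", (7, 2, 2), (7, 2, 5)),
    ("FortiManager", "CVE-2024-33506", (7, 4, 0), (7, 4, 2)),
    ("FortiManager", "CVE-2024-33506", (7, 2, 0), (7, 2, 5)),
    ("FortiManager", "CVE-2024-33506", (7, 0, 0), (7, 0, 12)),
]

def parse_version(text: str) -> Version:
    """Turn '7.4.2' or 'v7.4.2 build0000' into a comparable tuple (7, 4, 2)."""
    core = text.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    padded = tuple(int(p) for p in parts) + (0,) * (3 - len(parts))
    return padded[:3]  # compare on major.minor.patch only

def applicable_cves(product: str, version: str) -> List[str]:
    """Return the advisory CVEs whose affected range contains this version."""
    v = parse_version(version)
    hits = [cve for (prod, cve, low, high) in AFFECTED
            if prod == product and low <= v <= high]
    return sorted(set(hits))

def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each host to the CVEs it is exposed to. An empty list means the
    version is outside every listed range, not that it is patched: the
    advisory states no fixed versions, so confirm against the vendor notice."""
    return {host: applicable_cves(prod, ver)
            for host, (prod, ver) in inventory.items()}

if __name__ == "__main__":
    sample = {  # constructed inventory
        "faz-01": ("FortiAnalyzer", "7.4.3"),
        "faz-02": ("FortiAnalyzer", "7.2.1"),
        "fmg-01": ("FortiManager", "v7.0.12 build0000"),
        "fmg-02": ("FortiManager", "7.4.4"),
    }
    for host, cves in triage(sample).items():
        print(f"{host}: {', '.join(cves) or 'no listed CVE applies'}")
```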
Remediation
Refer to the Fortinet FortiGuard security advisory for patch, upgrade, or suggested workaround information.