Severity
Medium
Analysis Summary
CVE-2024-33503 CVSS:6.7
An improper privilege management vulnerability in Fortinet FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14, and FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14, allows an attacker to escalate privileges via specific shell commands.
CVE-2024-56497 CVSS:6.5
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiMail versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, and FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4, allows an attacker to execute unauthorized code or commands via the CLI.
CVE-2023-46715 CVSS:4.7
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
CVE-2024-35276 CVSS:5
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14; FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14; FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11 and 6.4.1 through 6.4.7; and FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11 and 6.4.1 through 6.4.7 allows an attacker.
CVE-2024-35275 CVSS:6.5
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and FortiManager versions 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests.
CVE-2022-23439 CVSS:4.4
Fortinet products are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially crafted web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers.
Impact
- Privilege Escalation
- Code Execution
- Buffer Overflow
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2024-33503
CVE-2024-56497
CVE-2023-46715
CVE-2024-35276
CVE-2024-35275
CVE-2022-23439
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiOS 7.0.5
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 6.4.9
- Fortinet FortiOS 7.0.0
- Fortinet FortiManager 7.4.0, 7.2.0, 7.0.0, 6.4.0
- Fortinet FortiMail 7.2.0, 7.0.0, 6.4.0
- Fortinet FortiRecorder 7.0.0, 6.4.0
- Fortinet FortiProxy 7.4.0, 7.2.0, 7.0.0
- Fortinet FortiOS 7.4.0, 7.2.0, 7.0.0, 6.4.0, 6.2.0
- Fortinet FortiAnalyzer 7.4.0, 7.2.0, 7.0.0, 6.4.0
Remediation
Upgrade the affected Fortinet products to the latest fixed version, available from the Fortinet website. Before and after upgrading, compare each device's installed version against the affected ranges listed above; every range in the descriptions is inclusive at both ends.
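As an added example (not code from the advisory author or from Fortinet), the following script turns the inclusive version ranges quoted in the CVE descriptions above into a lookup a defender can run against an asset inventory. It assumes plain dotted numeric version strings (for example `7.0.12`); CVE-2022-23439 is omitted because the advisory lists no version ranges for it.

```python
from typing import Optional

# (product, lowest affected or None for "and below", highest affected); both bounds inclusive
Range = tuple[str, Optional[str], str]

# Range sets shared by several products, transcribed from the CVE text in this advisory.
MGR_AN = [("7.4.0", "7.4.3"), ("7.2.0", "7.2.5"), ("7.0.0", "7.0.12"), ("6.4.0", "6.4.14")]
CLOUD = [("7.4.1", "7.4.3"), ("7.2.1", "7.2.5"), ("7.0.1", "7.0.11"), ("6.4.1", "6.4.7")]


def _spans(product: str, pairs: list[tuple[Optional[str], str]]) -> list[Range]:
    return [(product, lo, hi) for lo, hi in pairs]


AFFECTED: dict[str, list[Range]] = {
    "CVE-2024-33503": _spans("FortiManager", MGR_AN)
    + _spans("FortiAnalyzer", [("7.4.0", "7.4.2")] + MGR_AN[1:]),
    "CVE-2024-56497": _spans("FortiMail", [("7.2.0", "7.2.4"), ("7.0.0", "7.0.6"), ("6.4.0", "6.4.7")])
    + _spans("FortiRecorder", [("7.0.0", "7.0.0"), ("6.4.0", "6.4.4")]),
    "CVE-2023-46715": _spans("FortiOS", [("7.4.0", "7.4.1"), (None, "7.2.6")]),  # "7.2.6 and below"
    "CVE-2024-35276": _spans("FortiAnalyzer", MGR_AN) + _spans("FortiManager", MGR_AN)
    + _spans("FortiManager Cloud", CLOUD) + _spans("FortiAnalyzer Cloud", CLOUD),
    "CVE-2024-35275": _spans("FortiAnalyzer", [("7.4.0", "7.4.2")])
    + _spans("FortiManager", [("7.4.0", "7.4.2")]),
}


def parse_version(v: str) -> tuple[int, ...]:
    """'7.0.12' -> (7, 0, 12), so comparison is numeric (7.0.12 > 7.0.9) rather than lexical."""
    return tuple(int(p) for p in v.strip().split("."))


def affected_cves(product: str, version: str) -> list[str]:
    """CVE ids from this advisory whose inclusive ranges cover the given product/version."""
    ver = parse_version(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        for prod, lo, hi in ranges:
            if prod != product:
                continue
            if (lo is None or parse_version(lo) <= ver) and ver <= parse_version(hi):
                hits.append(cve)
                break  # one matching range is enough for this CVE
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory; replace with the versions reported by your own devices.
    for prod, ver in [("FortiManager", "7.0.12"), ("FortiOS", "7.2.6"), ("FortiMail", "7.2.5")]:
        print(prod, ver, affected_cves(prod, ver) or "not listed in this advisory")
```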