Skip to main content

Fortinet FortiManager CVE-2024-33503

HIGH
Incorrect Privilege Assignment (CWE-266)
2025-01-14 psirt@fortinet.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local shell access with an existing low-privilege account (AV:L, PR:L) and no user interaction yields full appliance compromise, so C/I/A all High.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jul 08, 2026 - 14:33 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 08, 2026 - 14:33 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 08, 2026 - 14:22 vuln.today
cvss_changed
Severity Changed
Jul 08, 2026 - 14:22 NVD
MEDIUM HIGH
CVSS changed
Jul 08, 2026 - 14:22 NVD
6.7 (MEDIUM) 7.8 (HIGH)
Analysis Generated
Mar 28, 2026 - 18:03 vuln.today
CVE Published
Jan 14, 2025 - 14:15 nvd
MEDIUM 6.7

DescriptionNVD

A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands

AnalysisAI

Local privilege escalation in Fortinet FortiManager (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.3) and FortiAnalyzer (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.2), including their Cloud variants, lets an attacker who already holds low-privilege CLI/shell access run specific shell commands to gain elevated privileges. Full confidentiality, integrity, and availability impact result, effectively giving an attacker administrative control of the management appliance. No public exploit identified at time of analysis; the low EPSS score (0.03%, 9th percentile) indicates minimal current exploitation activity.

Technical ContextAI

FortiManager and FortiAnalyzer are Fortinet's centralized management and log/analytics platforms for Fortinet security fabrics; the Cloud editions offer the same functionality as hosted services. The flaw is classified as CWE-266 (Incorrect Privilege Assignment), a root-cause class where a program grants an actor privileges beyond those intended. Here the appliance's constrained shell fails to properly confine what specific shell commands a lower-privileged operator may execute, allowing that operator to cross a privilege boundary. Because these devices manage fleets of firewalls and store sensitive configuration and log data, privilege escalation on the appliance itself carries outsized downstream risk to the managed estate.

RemediationAI

Follow Fortinet advisory FG-IR-24-127 (https://fortiguard.fortinet.com/psirt/FG-IR-24-127) and upgrade to the fixed releases specified there; the input data does not include exact fixed version numbers, so consult the advisory for the precise target build for your branch (generally the release above the highest listed vulnerable version in each train, e.g. FortiManager 7.4.4+ / 7.2.6+ / 7.0.13+ and FortiAnalyzer 7.4.3+ / 7.2.6+ / 7.0.13+ - verify against the advisory before applying). As a compensating control until patched, tightly restrict who holds CLI/shell and low-privilege administrative accounts on these appliances, since exploitation requires an existing local foothold: limit administrative accounts to the minimum operators, enforce strong authentication and trusted-host/management-interface ACLs to reduce who can reach the shell, and audit CLI command usage for anomalous shell command activity. These controls reduce exposure but do not remove the underlying flaw, and over-restricting operator accounts may impede legitimate administration, so patching remains the primary fix.

CVE-2023-25610 CRITICAL
9.8 Mar 24

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0

CVE-2023-42788 MEDIUM POC
6.7 Oct 10

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in

CVE-2023-44256 MEDIUM POC
6.5 Oct 20

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2

CVE-2023-42787 MEDIUM POC
6.5 Oct 10

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and bef

CVE-2024-35276 CRITICAL
9.8 Jan 14

Remote code execution in Fortinet FortiManager and FortiAnalyzer (plus their Cloud variants) arises from a stack-based b

CVE-2024-23666 HIGH
8.8 Nov 12

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 thr

CVE-2022-22300 HIGH
8.8 Mar 01

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, Fo

CVE-2020-12817 HIGH
8.8 Sep 24

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticat

CVE-2023-22642 HIGH
8.1 Apr 11

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0

CVE-2024-45331 HIGH
7.8 Jan 16

Local privilege escalation in Fortinet FortiAnalyzer, FortiManager and their Cloud variants allows an already-authentica

CVE-2024-21757 HIGH
7.8 Aug 13

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and v

CVE-2023-25607 HIGH
7.8 Oct 10

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in

Share

CVE-2024-33503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy