CVE-2024-54020

Summary

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.2.0 <= 7.2.1affected
FortinetFortiManager7.0.0 <= 7.0.7affected

Weaknesses

  • CWE-862: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References