CVE-2024-36505 MEDIUM

CVE-2024-36505

Vendor Fortinet
Product FortiOS
Weakness CWE-284
Published August 13, 2024
Last update August 15, 2024

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R

What the vulnerability does

01Description

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

Key dates

02Disclosure timeline

August 13, 2024 CVE published
August 15, 2024 Record updated