CVE-2024-33501

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33501
Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-130 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
History

24 Jul 2025, 19:05

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*
Summary
  • (es) Dos vulnerabilidades de neutralización incorrecta de elementos especiales utilizadas en un comando SQL ('SQL Injection') [CWE-89] en Fortinet FortiAnalyzer versión 7.4.0 a 7.4.2 y anteriores a 7.2.5, FortiManager versión 7.4.0 a 7.4.2 y anteriores a 7.2.5 y FortiAnalyzer-BigData versión 7.4.0 y anteriores a 7.2.7 permiten que un atacante privilegiado ejecute código o comandos no autorizados a través de solicitudes CLI específicamente manipuladas.
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-130 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-130 - Vendor Advisory
First Time Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Fortinet fortianalyzer Big Data

11 Mar 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 15:15

Updated : 2025-07-24 19:05

NVD link : CVE-2024-33501

Mitre link : CVE-2024-33501

CVE.ORG link : CVE-2024-33501

JSON object : View

Products Affected

fortinet

  • fortimanager
  • fortianalyzer_big_data
  • fortianalyzer
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')