A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands

Project Subscriptions

Vendors Products
Fortinet Subscribe
Fortianalyzer Subscribe
Fortianalyzer Cloud Subscribe
Fortimanager Subscribe
Fortimanager Cloud Subscribe
Fortimanagercloud Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2024-31241 A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
Fixes

Solution

Upgrade to FortiManager Cloud version 7.4.4 or above Upgrade to FortiManager Cloud version 7.2.7 or above Upgrade to FortiAnalyzer Cloud version 7.4.3 or above Upgrade to FortiAnalyzer Cloud version 7.2.7 or above Upgrade to FortiManager version 7.6.0 or above Upgrade to FortiManager version 7.4.4 or above Upgrade to FortiManager version 7.2.6 or above Upgrade to FortiAnalyzer version 7.4.4 or above Upgrade to FortiAnalyzer version 7.2.6 or above


Workaround

No workaround given by the vendor.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands
First Time appeared Fortinet fortimanagercloud
CPEs cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
Vendors & Products Fortinet fortimanagercloud
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C'}

cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C'}


Fri, 31 Jan 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer
Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer
Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud

Tue, 14 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jan 2025 14:15:00 +0000

Type Values Removed Values Added
Description A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
First Time appeared Fortinet
Fortinet fortimanager
Weaknesses CWE-266
CPEs cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortimanager
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-08T12:59:10.104Z

Reserved: 2024-04-23T14:18:29.830Z

Link: CVE-2024-33503

cve-icon Vulnrichment

Updated: 2025-01-14T15:16:34.554Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T14:15:29.517

Modified: 2026-06-17T07:31:52.677

Link: CVE-2024-33503

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses