CVE-2024-36505

{"id": "CVE-2024-36505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-13T16:15:08.970", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-012", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS 7.4.0 a 7.4.3, 7.2.5 a 7.2.7, 7.0.12 a 7.0.14 y 6.4.x puede permitir que un atacante que ya haya obtenido acceso de escritura con \u00e9xito al sistema subyacente (a trav\u00e9s de otro exploit hipot\u00e9tico) para evitar el sistema de verificaci\u00f3n de integridad de archivos."}], "lastModified": "2024-08-22T14:36:31.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B26D3CC8-B77D-4C5C-B3AC-096679F47877", "versionEndIncluding": "6.4.15", "versionStartIncluding": "6.4.13"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F754A050-02F5-4848-9065-5E15117B227E", "versionEndExcluding": "7.0.15", "versionStartIncluding": "7.0.12"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14113139-B64B-4069-A88F-D1999ED7EC18", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.5"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}