Privilege Escalation Vulnerability in Fortinet FortiAnalyzer (CVE-2024-45330)

Filip Dimitrov

October 10, 2024

Summary:
A new vulnerability, CVE-2024-45330, has been found in Fortinet FortiAnalyzer and FortiAnalyzer Cloud (versions 7.4.0 – 7.4.3 and 7.2.2 – 7.2.5). The bug could let an attacker escalate privileges by exploiting a flaw in the fazsvcd daemon. Fortinet has already released patches for this issue, so you should act quickly and update your software to avoid being targeted.

Details:
The vulnerability comes from a format string bug (CWE-134, use of an externally controlled format string) in the fazsvcd daemon. An attacker who already holds admin-level access can send specially crafted requests that may lead to privilege escalation or, worse, arbitrary command execution on the system. In other words, successful exploitation means unauthorized access beyond the attacker's assigned role, potentially leading to a total system takeover.

The vulnerability was discovered internally by Fortigate’s product security teams, and there are currently no known cases of it being exploited in the wild.
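To make the CWE-134 pattern concrete, the following is an added example written for this post; it is not Fortinet code and says nothing about how fazsvcd is implemented. It assumes a generic logging wrapper (the hypothetical `log_msg`) that callers can misuse by passing request text as the format argument, shows the hardened caller beside it, and adds a small helper that counts `%` directives in a string, which is the kind of sanity check to apply wherever untrusted text must reach a printf-family API.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging primitive: the format string comes from the caller,
 * exactly like printf. Any caller that passes attacker-influenced text as
 * `fmt` hands that text control over argument parsing. */
static void log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE caller (CWE-134): the request text *is* the format.
 * Directives inside request_text are interpreted, so "%%" collapses to "%"
 * and directives such as %x or %n would read or write through the stack.
 * Kept only to contrast with the fixed form. */
void log_request_vulnerable(char *out, size_t n, const char *request_text)
{
    log_msg(out, n, request_text);
}

/* HARDENED caller: constant format, request text is plain data. */
void log_request_hardened(char *out, size_t n, const char *request_text)
{
    log_msg(out, n, "%s", request_text);
}

/* Defensive helper: number of '%' conversion directives in s. A literal
 * "%%" is not counted. A non-zero result in a field that should be plain
 * text is a reason to reject the request (or to flag it in logs). */
int count_format_directives(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent, consumes no argument */
            p++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input: "%%" is well defined and needs no argument,
     * so it demonstrates the interpretation safely. */
    const char *sample = "rate=100%%";
    char buf[64];

    log_request_vulnerable(buf, sizeof buf, sample);
    printf("vulnerable: %s\n", buf);   /* rate=100%  (text was interpreted) */
    log_request_hardened(buf, sizeof buf, sample);
    printf("hardened:   %s\n", buf);   /* rate=100%% (text was preserved) */
    printf("directives in \"id=%%x%%x%%n\": %d\n",
           count_format_directives("id=%x%x%n"));
    return 0;
}
```

In a real code base the fix is the constant format string; the directive counter is a secondary control for inputs that legitimately flow into format APIs. Marking wrappers such as `log_msg` with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` makes the compiler report the vulnerable caller at build time.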

What Versions are Affected?

  • FortiAnalyzer: 7.4.0 through 7.4.3
  • FortiAnalyzer Cloud: 7.4.1 through 7.4.3
  • FortiAnalyzer: 7.2.2 through 7.2.5
  • FortiAnalyzer Cloud: 7.2.2 through 7.2.6

Severity:

  • CVSSv3 Score: 6.8 (Medium)
  • Access Vector: Remote
  • Attack Complexity: Low

Potential Impact:

  • Escalation of privileges
  • Potential arbitrary code or command execution

Mitigation:
Fortinet has issued patches to address this vulnerability in the following versions:

  • FortiAnalyzer: Upgrade to version 7.4.4 or above.
  • FortiAnalyzer Cloud: Upgrade to version 7.4.4 or above.
  • FortiAnalyzer 7.2.x: Upgrade to version 7.2.6 or above.
  • FortiAnalyzer Cloud 7.2.x: Upgrade to version 7.2.7 or above.
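The affected ranges listed above and the fixed releases in this section are easy to misread when a fleet spans several trains, so here is an added check, written for this post rather than taken from Fortinet, that encodes exactly the ranges and fixed versions stated here. The `is_affected` function and the `faz_ver`/`faz_range` types are the example's own names; the version strings passed to it are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

typedef struct { int major, minor, patch; } faz_ver;

/* One affected range (inclusive) and the release that fixes it,
 * transcribed from the advisory text in this post. */
typedef struct {
    const char *product;
    faz_ver lo, hi, fixed;
} faz_range;

static const faz_range RANGES[] = {
    { "FortiAnalyzer",       {7,4,0}, {7,4,3}, {7,4,4} },
    { "FortiAnalyzer Cloud", {7,4,1}, {7,4,3}, {7,4,4} },
    { "FortiAnalyzer",       {7,2,2}, {7,2,5}, {7,2,6} },
    { "FortiAnalyzer Cloud", {7,2,2}, {7,2,6}, {7,2,7} },
};

/* Parse "M.m.p"; returns 1 on success, 0 on malformed input. The trailing
 * %c rejects strings with extra characters such as "7.4.3-build". */
int parse_ver(const char *s, faz_ver *v)
{
    char extra;
    if (sscanf(s, "%d.%d.%d%c", &v->major, &v->minor, &v->patch, &extra) != 3)
        return 0;
    return v->major >= 0 && v->minor >= 0 && v->patch >= 0;
}

static int cmp_ver(faz_ver a, faz_ver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Returns 1 if `version` of `product` is affected (and writes the fixed
 * release into `fixed` when provided), 0 if not affected by the ranges
 * listed here, and -1 if the version string cannot be parsed. */
int is_affected(const char *product, const char *version, char *fixed, size_t n)
{
    faz_ver v;
    if (!parse_ver(version, &v))
        return -1;
    for (size_t i = 0; i < sizeof RANGES / sizeof RANGES[0]; i++) {
        const faz_range *r = &RANGES[i];
        if (strcmp(r->product, product) != 0)
            continue;
        if (cmp_ver(v, r->lo) >= 0 && cmp_ver(v, r->hi) <= 0) {
            if (fixed && n)
                snprintf(fixed, n, "%d.%d.%d",
                         r->fixed.major, r->fixed.minor, r->fixed.patch);
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed inventory lines: product and reported version. */
    const char *inv[][2] = {
        { "FortiAnalyzer",       "7.4.2" },
        { "FortiAnalyzer Cloud", "7.2.6" },
        { "FortiAnalyzer",       "7.4.4" },
        { "FortiAnalyzer",       "7.4"   },
    };
    for (size_t i = 0; i < sizeof inv / sizeof inv[0]; i++) {
        char fixed[16] = "";
        int r = is_affected(inv[i][0], inv[i][1], fixed, sizeof fixed);
        printf("%-20s %-8s -> %s%s\n", inv[i][0], inv[i][1],
               r == 1 ? "AFFECTED, upgrade to " : r == 0 ? "not affected" : "unparsable",
               r == 1 ? fixed : "");
    }
    return 0;
}
```

Note that the two products have different ranges on the same train (Cloud 7.2.x is affected through 7.2.6 and fixed in 7.2.7), which is why the check keys on the product name rather than on the version alone.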

Administrators should update to the latest patched versions as soon as possible to mitigate potential exploitation.

Reviewing access permissions and restricting unnecessary admin-level access will also help to limit attack vectors.

Next Steps:

  1. Apply Security Patches: Upgrade FortiAnalyzer and FortiAnalyzer Cloud to the latest versions (7.4.4 or 7.2.6 and above) as soon as possible.
  2. Monitor Network Traffic: Regularly monitor logs for any suspicious or unauthorized requests that may indicate exploitation attempts.
  3. Limit Admin Access: If possible, restrict admin access to minimize the risk until you’ve applied the patches.

For further information, please refer to Fortinet’s official advisory here.

Stay Secure. Stay Informed.

OP Innovate Research Team.