CVE-2024-36505: Real-time file system integrity checking write protection bypass
First published: Tue Aug 13 2024(Updated: )
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS | >=7.4.0<=7.4.3 | |
| Fortinet FortiOS | >=7.2.5<=7.2.7 | |
| Fortinet FortiOS | >=7.0.12<=7.0.14 | |
| Fortinet FortiOS | >=6.4.13<=6.4.15 | |
| Fortinet FortiOS | >=6.4.13<=6.4.15 | |
| Fortinet FortiOS | >=7.0.12<7.0.15 | |
| Fortinet FortiOS | >=7.2.5<7.2.8 | |
| Fortinet FortiOS | >=7.4.0<7.4.4 |
Remedy
Please upgrade to FortiOS version 7.4.4 or above Please upgrade to FortiOS version 7.2.8 or above Please upgrade to FortiOS version 7.0.15 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2024-36505
- agent/first-publish-date
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/title
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/weakness
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/7.4.0
- version/fortinet fortios/7.4.3
- version/fortinet fortios/7.2.5
- version/fortinet fortios/7.2.7
- version/fortinet fortios/7.0.12
- version/fortinet fortios/7.0.14
- version/fortinet fortios/6.4.13
- version/fortinet fortios/6.4.15