CVE-2024-33505

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests

Published: Nov 12, 2024
Updated: May 4, 2025
CVE: CVE-2024-33505
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortimanager	7.4.0	7.4.3
fortinet / fortianalyzer	7.4.0	7.4.3
fortinet / fortianalyzer	6.4.0	7.2.6
fortinet / fortimanager_cloud	7.4.1	7.4.3
fortinet / fortimanager_cloud	6.4.1	7.2.7
fortinet / fortimanager	6.0.0	7.2.7

https://fortiguard.fortinet.com/psirt/FG-IR-24-125

Vulnerability Database

289,784

CVE-2024-33505