Missing authorization in FortiManager - CVE-2024-54020

 

Published: May 13, 2025


Vulnerability identifier: #VU109034
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-54020
CWE-ID: CWE-862
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software: FortiManager

Detailed vulnerability description

The vulnerability allows a local privileged user to manipulate data.

The vulnerability exists due to a missing authorization check on global threat feeds. An authenticated attacker can overwrite global threat feeds via crafted update requests.


How to mitigate CVE-2024-54020

Install the update from the vendor's website.
