#VU109034 Missing authorization in FortiManager - CVE-2024-54020
Published: May 13, 2025
Vulnerability identifier: #VU109034
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-54020
CWE-ID: CWE-862
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
FortiManager
Software vendor:
Fortinet, Inc
Description
The vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to missing authorization of global threat feeds. An authenticated attacker can overwrite global threat feeds via crafted update requests.
Remediation
Install update from vendor's website.