{"api_version":"1","generated_at":"2026-07-15T12:06:40+00:00","cve":"CVE-2024-33503","urls":{"html":"https://cve.report/CVE-2024-33503","api":"https://cve.report/api/cve/CVE-2024-33503.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-33503","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-33503"},"summary":{"title":"CVE-2024-33503","description":"A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands","state":"PUBLISHED","assigner":"fortinet","published_at":"2025-01-14 14:15:29","updated_at":"2026-07-08 14:16:51"},"problem_types":["CWE-266","NVD-CWE-noinfo","CWE-266 Escalation of privilege"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"6.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","refsource":"psirt@fortinet.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-33503","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33503","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiManager Cloud","version":"affected 7.4.1 7.4.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager Cloud","version":"affected 7.2.1 7.2.6 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager Cloud","version":"affected 7.0.1 7.0.13 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager","version":"affected 7.4.0 7.4.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager","version":"affected 7.2.0 7.2.5 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager","version":"affected 7.0.0 7.0.16 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager","version":"affected 6.4.0 6.4.15 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiManager Cloud version 7.2.7 or above\nUpgrade to FortiAnalyzer Cloud version 7.4.3 or above\nUpgrade to FortiAnalyzer Cloud version 7.2.7 or above\nUpgrade to FortiManager version 7.6.0 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiManager version 7.2.6 or above\nUpgrade to FortiAnalyzer version 7.4.4 or above\nUpgrade to FortiAnalyzer version 7.2.6 or above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"33503","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-33503","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-01-14T15:16:33.256242Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-01-14T20:54:57.869Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiManager Cloud","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.4.3","status":"affected","version":"7.4.1","versionType":"semver"},{"lessThanOrEqual":"7.2.6","status":"affected","version":"7.2.1","versionType":"semver"},{"lessThanOrEqual":"7.0.13","status":"affected","version":"7.0.1","versionType":"semver"}]},{"cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiManager","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.4.3","status":"affected","version":"7.4.0","versionType":"semver"},{"lessThanOrEqual":"7.2.5","status":"affected","version":"7.2.0","versionType":"semver"},{"lessThanOrEqual":"7.0.16","status":"affected","version":"7.0.0","versionType":"semver"},{"lessThanOrEqual":"6.4.15","status":"affected","version":"6.4.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-266","description":"Escalation of privilege","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T12:59:10.104Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127"}],"solutions":[{"lang":"en","value":"Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiManager Cloud version 7.2.7 or above\nUpgrade to FortiAnalyzer Cloud version 7.4.3 or above\nUpgrade to FortiAnalyzer Cloud version 7.2.7 or above\nUpgrade to FortiManager version 7.6.0 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiManager version 7.2.6 or above\nUpgrade to FortiAnalyzer version 7.4.4 or above\nUpgrade to FortiAnalyzer version 7.2.6 or above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2024-33503","datePublished":"2025-01-14T14:09:33.613Z","dateReserved":"2024-04-23T14:18:29.830Z","dateUpdated":"2026-07-08T12:59:10.104Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-01-14 14:15:29","lastModifiedDate":"2026-07-08 14:16:51","problem_types":["CWE-266","NVD-CWE-noinfo","CWE-266 Escalation of privilege"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:16:33.256242Z","id":"CVE-2024-33503","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.7","matchCriteriaId":"38BFF3B9-3927-4B15-A573-4EDB20362841"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.3","matchCriteriaId":"40C3665B-3E49-4D0C-B924-266D49F1E510"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.2.7","matchCriteriaId":"75DA0ED6-C606-4763-A7B0-575F8061237A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"33503","Ordinal":"1","Title":"CVE-2024-33503","CVE":"CVE-2024-33503","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"33503","Ordinal":"1","NoteData":"A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands","Type":"Description","Title":"CVE-2024-33503"}]}}}