CVE-2024-36505: 
FortiOS vulnerability analysis and mitigation

An improper access control vulnerability (CWE-284) was discovered in FortiOS versions 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14, and 6.4.x. The vulnerability, tracked as CVE-2024-36505, was internally discovered and reported by Wilfried Djettchou of the Fortinet Product Security team (Fortinet PSIRT).

The vulnerability has been assigned a CVSSv3 score of 4.7, indicating medium severity. It specifically affects the file integrity checking system in FortiOS. The issue stems from improper access control implementation that could potentially allow bypass of the file integrity checking system (Fortinet PSIRT).

If exploited, this vulnerability would allow an attacker who has already successfully obtained write access to the underlying system (through another hypothetical exploit) to bypass the file integrity checking system. This could potentially compromise the integrity of system files (Fortinet PSIRT, Cyber Security News).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to the following versions: FortiOS 7.4.4 or above for 7.4.x versions, FortiOS 7.2.8 or above for 7.2.x versions, FortiOS 7.0.15 or above for 7.0.x versions, and users of FortiOS 6.4.x should migrate to a fixed release (Fortinet PSIRT).