CVE-2024-54020: 
Fortinet FortiManager vulnerability analysis and mitigation

A missing authorization vulnerability (CVE-2024-54020) was discovered in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7. The vulnerability was initially disclosed on May 13, 2025, and affects the GUI component of FortiManager. This security issue allows an authenticated attacker to overwrite global threat feeds via crafted update requests (Fortinet PSIRT, NVD).

The vulnerability is classified as a Missing Authorization issue [CWE-862] that specifically affects the GUI component of FortiManager. It has been assigned a CVSS v3.1 base score of 2.3 (LOW) with a vector string of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. This scoring indicates local access is required, the attack complexity is low, high privileges are needed, no user interaction is necessary, and there is a low impact on integrity with no impact on confidentiality or availability (NVD).

The vulnerability's impact is considered low due to the high privilege requirement for exploitation. When successfully exploited, it allows an authenticated attacker to overwrite global threat feeds through crafted update requests, potentially affecting the integrity of threat intelligence data (Fortinet PSIRT).

Fortinet has released patches to address this vulnerability. Users of FortiManager 7.2.0-7.2.1 should upgrade to version 7.2.2 or above, while users of FortiManager 7.0.0-7.0.7 should upgrade to version 7.0.8 or above. It's worth noting that FortiManager versions 7.4 and 7.6 are not affected by this vulnerability (Fortinet PSIRT).