{"vulnerability": "CVE-2024-3350", "sightings": [{"uuid": "f30255b7-d338-4d16-968e-4fc874f34de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33506", "type": "seen", "source": "https://t.me/cvedetector/7365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33506 - FortiManager Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-33506 \nPublished : Oct. 8, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T17:53:16.000000Z"}, {"uuid": "8f54a28b-39a8-4a8a-9381-ebd2d9adc960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33508", "type": "seen", "source": "https://t.me/cvedetector/5246", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33508 - Fortinet FortiClientEMS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-33508 \nPublished : Sept. 10, 2024, 3:15 p.m. | 45\u00a0minutes ago \nDescription : An improper neutralization of special elements used in a command\u00a0('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T18:25:15.000000Z"}, {"uuid": "7be8b3e1-dcd2-49e6-afd5-38cdcac85cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33509", "type": "seen", "source": "https://t.me/cvedetector/376", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33509 - An improper certificate validation vulnerability [\", \n  \"Content\": \"CVE ID : CVE-2024-33509 \nPublished : July 9, 2024, 4:15 p.m. | 37\u00a0minutes ago \nDescription : An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T18:57:59.000000Z"}, {"uuid": "6d1c9db6-cb78-4769-9b7c-861eea42a332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33505", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113471621703891497", "content": "", "creation_timestamp": "2024-11-12T19:25:40.987400Z"}, {"uuid": "73b2dff9-4e2f-4157-8560-f8402ca38221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33502", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827237097343216", "content": "", "creation_timestamp": "2025-01-14T14:43:21.049194Z"}, {"uuid": "32e7f065-6d65-4d64-bf4c-606fcc3e6f23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33503", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827296094196944", "content": "", "creation_timestamp": "2025-01-14T14:58:21.192185Z"}, {"uuid": "d4262a69-b9a0-4d1f-80cb-c393558ee4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33504", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113986167652495803", "content": "", "creation_timestamp": "2025-02-11T16:21:28.825311Z"}, {"uuid": "1fd5ea1c-5b1f-4a11-9ed3-450f7cd7b3e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33504", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw5xvumyc2z", "content": "", "creation_timestamp": "2025-02-11T17:16:20.331764Z"}, {"uuid": "356db3a3-3c14-4467-a233-50259d3c9b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33504", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113986497919466758", "content": "", "creation_timestamp": "2025-02-11T17:45:29.489103Z"}, {"uuid": "00f6ae93-ce2f-41f0-b90c-331f72e27c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33501", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-8eaa21ec-de6847694340d6ba", "content": "", "creation_timestamp": "2025-03-14T07:37:36.232765Z"}, {"uuid": "4a5d7309-d4ac-4b36-b407-9c1342fd5def", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33501", "type": "seen", "source": "https://t.me/cvedetector/20101", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33501 - Fortinet FortiAnalyzer/FortiManager/FortiAnalyzer-BigData SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-33501 \nPublished : March 11, 2025, 3:15 p.m. | 1\u00a0hour ago \nDescription : Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker\u00a0to execute unauthorized code or commands via specifically crafted CLI requests. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T17:37:51.000000Z"}, {"uuid": "8d6e8374-6bd5-4e52-83c9-e04f5cd61996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3350", "type": "seen", "source": "Telegram/NHaetfsXAWV-ysWI7vilrQ9aDE5s__50AtKYNE4LkPBHHHYk", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "a9fc199f-b695-4d19-b879-1c90f2e71bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33502", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113827355879730690", "content": "", "creation_timestamp": "2025-01-14T15:13:33.726870Z"}, {"uuid": "869593ff-fd50-45d0-91f1-ea55bed28100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33502", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpguzhacu2p", "content": "", "creation_timestamp": "2025-01-14T14:16:45.679208Z"}, {"uuid": "236e0ff6-f6de-42bb-8bff-4ade11b750e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33505", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/095373a5-9369-47a8-addc-a3cc46dc2b41", "content": "", "creation_timestamp": "2024-11-13T15:13:17.127651Z"}, {"uuid": "3c04bf6b-fb36-43f0-8c97-1f0c1d7b511a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33503", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1620", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-33503\n\ud83d\udd39 Description: A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands\n\ud83d\udccf Published: 2025-01-14T14:09:33.613Z\n\ud83d\udccf Modified: 2025-01-14T20:54:57.869Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-24-127", "creation_timestamp": "2025-01-14T21:11:48.000000Z"}, {"uuid": "e5fd1c59-f42c-413d-99d7-1f152b2ae7c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33502", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1771", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-33502\n\ud83d\udd39 Description: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.\n\ud83d\udccf Published: 2025-01-14T14:09:50.493Z\n\ud83d\udccf Modified: 2025-01-15T14:54:27.861Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-24-143", "creation_timestamp": "2025-01-15T15:10:53.000000Z"}, {"uuid": "36c3b39c-b242-4931-987e-c988d16d2c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33503", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpgv3qe4n2h", "content": "", "creation_timestamp": "2025-01-14T14:16:48.198127Z"}, {"uuid": "0b00d794-f322-45dc-b7cf-3d1c96b79c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33504", "type": "seen", "source": "https://t.me/cvedetector/17727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33504 - FortiManager Hard-Coded Cryptographic Key Encryption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-33504 \nPublished : Feb. 11, 2025, 5:15 p.m. | 58\u00a0minutes ago \nDescription : A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T19:53:00.000000Z"}]}