CVE-2024-23104 — Sensitive Information Exposure in Fortinet Fortindr

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 86.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortindr Fortinet Fortivoice

Timeline

PublishedApr 14

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5fortinet/fortindr7.4.0 — 7.4.8+4

▶CVEListV5fortinet/fortivoice7.0.0 — 7.0.1

🔴Vulnerability Details

GHSA

GHSA-7w2c-xvm6-78cm: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7↗2026-04-14

▶

CVEList

CVE-2024-23104: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7↗2026-04-14

▶

📋Vendor Advisories

Fortinet

unauthorized backup file access↗2026-04-14

▶