CVE-2024-23107Sensitive Information Exposure in Fortinet Fortiweb

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 60.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedJun 3

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiweb7.0.07.0.9+3
CVEListV5fortinet/fortiweb7.2.07.2.4+3

🔴Vulnerability Details

2
GHSA
GHSA-qw8c-jpj8-7mxc: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 72024-06-03
CVEList
CVE-2024-23107: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 72024-06-03

📋Vendor Advisories

1
Fortinet
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version...2024-06-03
CVE-2024-23107 — Sensitive Information Exposure | cvebase