CVE-2024-23663
published 2024-07-09
high 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiextender | — | — |
| fortinet | fortiextender | 7.0.0 – 7.0.4 | — |
| fortinet | fortiextender | 7.2.0 – 7.2.4 | — |
| fortinet | fortiextender | 7.4.0 – 7.4.2 | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | 4.1.1 – 4.1.9 | — |
| fortinet | fortiextender_firmware | 4.2.0 – 4.2.6 | — |
| fortinet | fortiextender_firmware | 7.0.0 – 7.0.4 | — |
| fortinet | fortiextender_firmware | 7.2.0 – 7.2.4 | — |
| fortinet | fortiextender_firmware | 7.4.0 – 7.4.2 | — |
| fortinet | fortiextenderfirmware | — | — |
| fortinet | fortinet | — | — |