CVE-2024-23664: Open Redirect in Fortinet FortiAuthenticator

CWE-601 Open Redirect | 4 documents | 4 sources

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.3% (top 43.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jun 3

Description

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD | fortinet/fortiauthenticator | 6.4.0 | 6.5.4 | +1
CVEListV5 | fortinet/fortiauthenticator | 6.5.0 | 6.5.3 | +2

Vulnerability Details (2)

CVEList
CVE-2024-23664: A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6 (2024-06-03)
GHSA
GHSA-xr47-8jmm-28wq: A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6 (2024-06-03)

Vendor Advisories (1)

Fortinet
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and be... (2024-06-03)
CVE-2024-23664 — Open Redirect in Fortinet | cvebase