CVE-2024-23665Improper Authorization in Fortinet Fortiweb

CWE-285Improper Authorization4 documents4 sources
Severity
8.8HIGHNVD
CNA5.9
EPSS
0.3%
top 49.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedJun 3

Description

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb7.2.07.2.8+4
CVEListV5fortinet/fortiweb7.4.07.4.2+4

🔴Vulnerability Details

2
GHSA
GHSA-3w6g-f9jc-r7cv: Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 72024-06-03
CVEList
CVE-2024-23665: Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 72024-06-03

📋Vendor Advisories

1
Fortinet
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below,...2024-06-03
CVE-2024-23665 — Improper Authorization in Fortinet | cvebase