CVE-2024-23668 — Improper Input Validation in Fortinet Fortiwebmanager

CWE-20 — Improper Input Validation CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiwebmanager

Timeline

PublishedJun 3

Description

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiwebmanager6.2.3 — 6.2.5+4

▶CVEListV5fortinet/fortiwebmanager7.0.0 — 7.0.4+4

🔴Vulnerability Details

GHSA

GHSA-9mx7-jwm2-rg42: An improper authorization in Fortinet FortiWebManager version 7↗2024-06-03

▶

CVEList

CVE-2024-23668: An improper authorization in Fortinet FortiWebManager version 7↗2024-06-03

▶

📋Vendor Advisories

Fortinet

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through...↗2024-06-03

▶