CVE-2024-23669

CWE-20Improper Input ValidationCWE-863Incorrect AuthorizationCWE-2854 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 49.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiwebmanager
Timeline
PublishedJun 5

Description

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiwebmanager6.2.36.2.5+4
CVEListV5fortinet/fortiwebmanager7.0.07.0.4+4

🔴Vulnerability Details

2
GHSA
GHSA-2vp4-2rgc-wf9w: An improper authorization in Fortinet FortiWebManager version 72024-06-05
CVEList
CVE-2024-23669: An improper authorization in Fortinet FortiWebManager version 72024-06-05

📋Vendor Advisories

1
Fortinet
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through...2024-06-03
CVE-2024-23669 (HIGH CVSS 8.8) | An improper authorization in Fortin | cvebase.io