CVE-2024-23670

CWE-285CWE-20Improper Input ValidationCWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 57.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiwebmanager
Timeline
PublishedJun 3

Description

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiwebmanager6.2.36.2.5+4
CVEListV5fortinet/fortiwebmanager7.0.07.0.4+4

🔴Vulnerability Details

2
CVEList
CVE-2024-23670: An improper authorization in Fortinet FortiWebManager version 72024-06-03
GHSA
GHSA-r6jx-8gj3-p962: An improper authorization in Fortinet FortiWebManager version 72024-06-03

📋Vendor Advisories

1
Fortinet
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through...2024-06-03
CVE-2024-23670 (HIGH CVSS 8.8) | An improper authorization in Fortin | cvebase.io