CVE-2024-23665

Published: Jun 3, 2024Modified: Dec 17, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

Affected (5)

Products: Fortinet: Fortiweb

Fortinet

1 product

Fortiweb

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiweb	From 6.3.0 to 6.3.23
Fortinet Fortiweb	From 6.4.0 to 6.4.3
Fortinet Fortiweb	From 7.0.0 to 7.0.10
Fortinet Fortiweb	From 7.2.0 to 7.2.8
Fortinet Fortiweb	From 7.4.0 to 7.4.3

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.