CVE-2024-33506

Published: Oct 8, 2024Modified: Jan 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.

Affected (2)

Products: Fortinet: Fortimanager

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager	From 7.0.0 to 7.2.6
Fortinet Fortimanager	From 7.4.0 to 7.4.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-472

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.