CVE-2024-33510

Published: Nov 12, 2024Modified: Jan 17, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.

Affected (5)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.0.0 to 7.2.9
Fortinet Fortios	From 7.4.0 to 7.4.4
Fortinet Fortiproxy	From 7.0.0 to 7.0.17
Fortinet Fortiproxy	From 7.2.0 to 7.2.10
Fortinet Fortiproxy	From 7.4.0 to 7.4.4

Related CWEs

CWE-358

Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-033

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.