CVE-2024-23664

CVE Database · CVE-2024-23664

CVE-2024-23664

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

0.35%

Published

Jun 3, 2024

Modified

Jan 21, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-601

Affected Products (2)

fortinet · fortiauthenticator (up to 6.5.4)vulnerable

fortinet · fortiauthenticatorvulnerable

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-23-465

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-23-465

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs