CVE-2024-23666

CVE Database · CVE-2024-23666

CVE-2024-23666

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

2.74%

Published

Nov 12, 2024

Modified

Jan 21, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-602

Affected Products (10)

fortinet · fortianalyzer (up to 6.4.15)vulnerable

fortinet · fortianalyzer (up to 7.0.13)vulnerable

fortinet · fortianalyzer (up to 7.2.6)vulnerable

fortinet · fortianalyzer (up to 7.4.3)vulnerable

fortinet · fortianalyzer_big_data (up to 7.2.7)vulnerable

fortinet · fortianalyzer_big_datavulnerable

fortinet · fortimanager (up to 6.4.15)vulnerable

fortinet · fortimanager (up to 7.0.13)vulnerable

· fortimanager

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-396

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs