CVE-2024-23665

CVE Database · CVE-2024-23665

CVE-2024-23665

· MEDIUMAnalyzed

CVSS v3.1

5.9

EPSS

0.49%

Published

Jun 3, 2024

Modified

Dec 17, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Weaknesses (CWE)

CWE-285

Affected Products (5)

fortinet · fortiwebvulnerable

fortinet · fortiweb (up to 7.2.8)vulnerable

fortinet · fortiweb (up to 7.4.3)vulnerable

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs