CVE-2024-23104

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

Affected Software

VendorProductVersion RangeStatus
FortinetFortiVoice7.0.0 <= 7.0.1affected
FortinetFortiNDR7.6.0affected
FortinetFortiNDR7.4.0 <= 7.4.8affected
FortinetFortiNDR7.2.0 <= 7.2.5affected
FortinetFortiNDR7.1.0 <= 7.1.1affected
FortinetFortiNDR7.0.0 <= 7.0.7affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References