CVE-2024-23105

Summary

A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPortal7.2.0 <= 7.2.1affected
FortinetFortiPortal7.0.0 <= 7.0.6affected

Weaknesses

  • CWE-348: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References