CVE-2024-23107

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.4.0affected
FortinetFortiWeb7.2.0 <= 7.2.4affected
FortinetFortiWeb7.0.0 <= 7.0.8affected
FortinetFortiWeb6.3.0 <= 6.3.23affected

Weaknesses

  • CWE-200: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References