CVE-2024-23664

Summary

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAuthenticator6.6.0affected
FortinetFortiAuthenticator6.5.0 <= 6.5.3affected
FortinetFortiAuthenticator6.4.0 <= 6.4.9affected

Weaknesses

  • CWE-601: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References