CVE-2024-23665

Summary

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.4.0 <= 7.4.2affected
FortinetFortiWeb7.2.0 <= 7.2.7affected
FortinetFortiWeb7.0.0 <= 7.0.10affected
FortinetFortiWeb6.4.0 <= 6.4.3affected
FortinetFortiWeb6.3.0 <= 6.3.23affected

Weaknesses

  • CWE-285: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References