CVE-2024-23667

Summary

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWebManager7.2.0affected
FortinetFortiWebManager7.0.0 <= 7.0.4affected
FortinetFortiWebManager6.3.0affected
FortinetFortiWebManager6.2.3 <= 6.2.4affected
FortinetFortiWebManager6.0.2affected

Weaknesses

  • CWE-285: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References