CVE-2024-23666

A client-side enforcement of server-side security vulnerability in Fortinet FortiAnalyzer-BigData (at least version 7.4.0, 7.2.0 through 7.2.6, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7, and 6.2.5), FortiManager (version 7.4.0 through 7.4.1, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, and 6.4.0 through 6.4.14), and FortiAnalyzer (version 7.4.0 through 7.4.1, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, and 6.4.0 through 6.4.14) allows an attacker to perform improper access control via crafted requests.
References
Configurations

Configuration 1

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

History

21 Jan 2025, 22:04

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://fortiguard.fortinet.com/psirt/FG-IR-23-396 | https://fortiguard.fortinet.com/psirt/FG-IR-23-396 - Vendor Advisory |
| First Time | | Fortinet fortianalyzer, Fortinet, Fortinet fortianalyzer Big Data, Fortinet fortimanager |
| CPE | | cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*, cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*, cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*, cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:* |
| CWE | | NVD-CWE-Other |

13 Nov 2024, 17:01

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData, at least in versions 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows an attacker to perform improper access control via crafted requests. |

12 Nov 2024, 19:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-11-12 19:15

Updated : 2025-01-21 22:04


NVD link : CVE-2024-23666

Mitre link : CVE-2024-23666

CVE.ORG link : CVE-2024-23666



Products Affected

fortinet

  • fortianalyzer_big_data
  • fortianalyzer
  • fortimanager
CWE
CWE-602: Client-Side Enforcement of Server-Side Security

NVD-CWE-Other