CVE-2024-23667 | Fortinet FortiWebManager up to 6.0.2/6.2.4/6.3.0/7.0.4/7.2.0 HTTP Request Handler/CLI improper authorization (FG-IR-23-222)

Inserito da Angelo Barbosa | Giu 3, 2024 | CVE

A vulnerability classified as critical was found in Fortinet FortiWebManager up to 6.0.2/6.2.4/6.3.0/7.0.4/7.2.0. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler/CLI. The manipulation leads to improper authorization.

This vulnerability is known as CVE-2024-23667. Local access is required to approach this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23667 | Fortinet FortiWebManager up to 6.0.2/6.2.4/6.3.0/7.0.4/7.2.0 HTTP Request Handler/CLI improper authorization (FG-IR-23-222)

Post correlati

CVE-2024-7998 | Octopus Server prior 2024.1.12931/2024.2.9313 OIDC Cookie session expiration

CVE-2024-49592 | McAfee Trial Installer 16.0.53 access control

CVE-2024-8796 | Devise-Two-Factor up to 5.x Multi-Factor Authentication Code entropy

CVE-2024-10920 | mariazevedo88 travels-java-api up to 5.0.1 JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key