6.1
CVE-2024-23664
- EPSS 0.33%
- Veröffentlicht 03.06.2024 10:15:12
- Zuletzt bearbeitet 21.01.2025 21:53:28
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
LoginA URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortiauthenticator Version >= 6.4.0 < 6.5.4
Fortinet ≫ Fortiauthenticator Version6.6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.556 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@fortinet.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.