8.8
CVE-2024-23666
- EPSS 8.31%
- Veröffentlicht 12.11.2024 19:15:07
- Zuletzt bearbeitet 21.01.2025 22:04:37
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortianalyzer Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.3
Fortinet ≫ Fortianalyzer Big Data Version >= 6.2.1 < 7.2.7
Fortinet ≫ Fortianalyzer Big Data Version7.4.0
Fortinet ≫ Fortimanager Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.31% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-602 Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.