8.8
CVE-2024-23666
- EPSS 8.31%
- Published 12.11.2024 19:15:07
- Last modified 21.01.2025 22:04:37
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortianalyzer Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.3
Fortinet ≫ Fortianalyzer Big Data Version >= 6.2.1 < 7.2.7
Fortinet ≫ Fortianalyzer Big Data Version7.4.0
Fortinet ≫ Fortimanager Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.31% | 0.919 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-602 Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.