Unauthorized Access to Sensitive Information in FortiWeb Products
CVE-2024-23107

5.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 3 June 2024

Summary

A vulnerability exists in FortiWeb, a web application firewall by Fortinet, where authenticated attackers can exploit an information exposure flaw. This vulnerability may permit attackers to access sensitive password hashes of other administrators through CLI commands. Affected are multiple versions, thereby highlighting significant security implications for organizations relying on this firewall solution.

Affected Version(s)

FortiWeb 7.4.0

FortiWeb 7.2.0 <= 7.2.4

FortiWeb 7.0.0 <= 7.0.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-191

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Jan 11, 2024

Collectors

NVD DatabaseMitre Database