Unauthorized Access to Sensitive Information in FortiWeb Products
CVE-2024-23107

5.5MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortiweb
Vendor
CVE Published:
3 June 2024

What is CVE-2024-23107?

A vulnerability exists in FortiWeb, a web application firewall by Fortinet, where authenticated attackers can exploit an information exposure flaw. This vulnerability may permit attackers to access sensitive password hashes of other administrators through CLI commands. Affected are multiple versions, thereby highlighting significant security implications for organizations relying on this firewall solution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiWeb 7.4.0

FortiWeb 7.2.0 <= 7.2.4

FortiWeb 7.0.0 <= 7.0.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-191

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.