Fortinet FortiOS Information Disclosure Vulnerability

CVE-2024-23662

7.5HIGH

Key Information

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 9 April 2024

Summary

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.

Affected Version(s)

FortiOS <= 7.4.1

FortiOS <= 7.2.5

FortiOS <= 7.0.15

Refferences

https://fortiguard.com/psirt/FG-IR-23-224

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Jan 19, 2024

Collectors

NVD DatabaseMitre Database