Improper Access Control in FortiExtender Could Lead to Elevated Privileges
CVE-2024-23663
8.8HIGH
What is CVE-2024-23663?
An improper access control vulnerability in Fortinet FortiExtender versions 4.1.1 to 4.1.9, 4.2.0 to 4.2.6, 5.3.2, 7.0.0 to 7.0.4, 7.2.0 to 7.2.4, and 7.4.0 to 7.4.2 can be exploited by attackers to create users with elevated privileges. This vulnerability arises from a failure to adequately control access rights, allowing unauthorized alteration of user roles through specially crafted HTTP requests.