Injection Vulnerability in FortiOS and FortiProxy Products by Fortinet
CVE-2024-33510

4.3MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS; Fortiproxy
Vendor: CVE Published:; 12 November 2024

Summary

An improper neutralization of special elements in output used by a downstream component vulnerability exists in specific versions of FortiOS and FortiProxy, which allows an unauthenticated remote attacker to craft malicious requests. This could lead to phishing attempts via the SSL-VPN web user interface, potentially compromising sensitive information.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-033

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024