Sensitive Information Exposure in FortiWeb by Fortinet
CVE-2024-36509

4.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in FortiWeb that allows an authenticated attacker to access sensitive system information, specifically the encrypted passwords of other administrators, through the 'Log Access Event' logs page. This exposure of sensitive information can lead to unauthorized control over administrative accounts, posing significant risks to system integrity and security.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-180

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024