Brute Force Attack Through Change Password Endpoint
CVE-2024-45327
7.5HIGH
What is CVE-2024-45327?
FortiSOAR, a security orchestration tool by Fortinet, contains an improper authorization vulnerability that may be exploited by authenticated attackers. This flaw exists within the change password endpoint across multiple versions, including 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3. Attackers can leverage this vulnerability to conduct brute force password attacks through specially crafted HTTP requests, posing significant risks to user and administrator credentials.
Affected Version(s)
FortiSOAR 7.4.0 <= 7.4.3
FortiSOAR 7.3.0 <= 7.3.2
FortiSOAR 7.2.0 <= 7.2.2