Brute Force Attack Through Change Password Endpoint
CVE-2024-45327
What is CVE-2024-45327?
FortiSOAR, a security orchestration tool by Fortinet, contains an improper authorization vulnerability that may be exploited by authenticated attackers. This flaw exists within the change password endpoint across multiple versions, including 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3. Attackers can leverage this vulnerability to conduct brute force password attacks through specially crafted HTTP requests, posing significant risks to user and administrator credentials.

Affected Version(s)
FortiSOAR 7.4.0 <= 7.4.3
FortiSOAR 7.3.0 <= 7.3.2
FortiSOAR 7.2.0 <= 7.2.2