CVE-2024-23104

MEDIUM

FortiVoice 7.0.0-7.0.1 - Info Disclosure

Title source: llm

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

References (1)

Core 1

Core References

https://fortiguard.fortinet.com/psirt/FG-IR-26-124

Scores

CVSS v3 5.4

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (9)

fortinet/fortindr 7.6.0

Fortinet/FortiNDR 7.0.0 - 7.0.7

fortinet/fortindr 7.0.0 - 7.4.9

Fortinet/FortiNDR 7.1.0 - 7.1.1

Fortinet/FortiNDR 7.2.0 - 7.2.5

Fortinet/FortiNDR 7.4.0 - 7.4.8

Fortinet/FortiNDR 7.6.0

Fortinet/FortiVoice 7.0.0 - 7.0.1

fortinet/fortivoice 7.0.0 - 7.0.2

Published Apr 14, 2026

Tracked Since Apr 14, 2026