CVE-2024-23107
MEDIUM
FortiWeb 6.3.0-6.3.22, 7.0.0-7.0.8, 7.2.0-7.2.4, 7.4.0 - Authenticated Password Hash Exposure via CLI Commands
Title source: llm
Description
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.
References (1)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-191
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (2)
fortinet/fortiweb
7.4.0
fortinet/fortiweb
6.3.0 - 6.3.23
Published
Jun 03, 2024
Tracked Since
Feb 18, 2026