CVE-2024-23666

HIGH

Fortinet FortiAnalyzer / FortiManager / FortiAnalyzer-BigData - Access Control Bypass (Client-Side Enforcement of Server-Side Security)


Description

A client-side enforcement of server-side security weakness (CWE-602) in Fortinet FortiAnalyzer-BigData, FortiManager and FortiAnalyzer allows an attacker to bypass access control via crafted requests. Affected versions as stated in the advisory text:

FortiAnalyzer-BigData: at least 7.4.0, 7.2.0 through 7.2.6, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7, and 6.2.5
FortiManager: 7.4.0 through 7.4.1, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, and 6.4.0 through 6.4.14
FortiAnalyzer: 7.4.0 through 7.4.1, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, and 6.4.0 through 6.4.14
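To make the weakness class concrete, the block below is an added illustration of CWE-602 written for this page. It is not Fortinet code, not the Synacktiv proof of concept, and does not reproduce the actual FortiManager/FortiAnalyzer request; the session table, the method names and the adm_priv flag are hypothetical. It contrasts a handler that trusts a client-supplied privilege claim (the GUI hides admin-only actions from read-only users, and the server assumes only admins will send them) with one that derives the caller's role from its own session store.

```python
import json

# Constructed server-side state for the illustration (hypothetical names).
# This is the server's own record of which user and role each session has.
SESSIONS = {
    "sess-readonly": {"user": "auditor", "role": "readonly"},
    "sess-admin": {"user": "admin", "role": "admin"},
}

# Minimum role required for each API method (hypothetical method names).
POLICY = {
    "get/system/status": "readonly",
    "set/system/admin/user": "admin",
    "exec/backup": "admin",
}
ROLE_RANK = {"readonly": 0, "admin": 1}


def _parse(raw_request):
    """Parse a JSON request and look up its session server-side."""
    req = json.loads(raw_request)
    session = SESSIONS.get(req.get("session"))
    method = req.get("method")
    return req, session, method


def handle_vulnerable(raw_request):
    """CWE-602 pattern: the GUI only renders admin actions for admins and
    sends an 'adm_priv' flag with them; the server trusts that flag instead
    of its own session record. Anyone who skips the GUI and sets the flag
    themselves gets admin-only methods executed."""
    req, session, method = _parse(raw_request)
    if session is None:
        return {"status": 401, "error": "unauthenticated"}
    if method not in POLICY:
        return {"status": 404, "error": "unknown method"}
    claimed_admin = bool(req.get("adm_priv", False))  # attacker-controlled
    if POLICY[method] == "admin" and not claimed_admin:
        return {"status": 403, "error": "forbidden"}
    return {"status": 200, "result": f"{method} executed as {session['user']}"}


def handle_hardened(raw_request):
    """Fix: the role comes only from the server-side session table; nothing
    in the request body can raise it."""
    req, session, method = _parse(raw_request)
    if session is None:
        return {"status": 401, "error": "unauthenticated"}
    if method not in POLICY:
        return {"status": 404, "error": "unknown method"}
    if ROLE_RANK[session["role"]] < ROLE_RANK[POLICY[method]]:
        return {"status": 403, "error": "forbidden"}
    return {"status": 200, "result": f"{method} executed as {session['user']}"}


# Constructed requests: what the read-only GUI would send, a crafted request
# that skips the GUI and asserts admin privilege in the body, a genuine admin
# request, and a request with no valid session at all.
GUI_READONLY_REQUEST = json.dumps(
    {"session": "sess-readonly", "method": "get/system/status"})
CRAFTED_REQUEST = json.dumps(
    {"session": "sess-readonly", "method": "exec/backup", "adm_priv": True})
ADMIN_REQUEST = json.dumps(
    {"session": "sess-admin", "method": "exec/backup", "adm_priv": True})
NO_SESSION_REQUEST = json.dumps(
    {"session": "sess-unknown", "method": "exec/backup", "adm_priv": True})


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable),
                          ("hardened", handle_hardened)):
        print(name, "crafted request ->", handler(CRAFTED_REQUEST)["status"])
```

Run stand-alone, the crafted request (a read-only session claiming adm_priv) gets 200 from the vulnerable handler and 403 from the hardened one. Note that the attacker still needs a valid low-privileged session to get past the 401 check, which is the PR:L component of the CVSS vector on this page; the bug is that the server lets the client, not the session, decide what that session may do.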

Exploits (1)

synacktiv / CVE-2023-42791_CVE-2024-23666 (PoC; listed by nomisec as a working PoC, 6 stars; the repository name indicates it covers CVE-2023-42791 together with this CVE)
https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666

Scores

CVSS v3.1 base score 7.5 (HIGH)
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector NETWORK (low-privileged credentials required, high attack complexity)
EPSS 0.0813 (8.13%)
EPSS Percentile 92.2%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-602
Status published
Products (4)
fortinet/fortianalyzer 6.4.0 - 6.4.15
fortinet/fortianalyzer_big_data 7.4.0
fortinet/fortianalyzer_big_data 6.2.1 - 7.2.7
fortinet/fortimanager 6.4.0 - 6.4.15
Published Nov 12, 2024
Tracked Since Feb 18, 2026