Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-46671. PoCs published by ixec-lab.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-46671, targeting FortiWeb systems. The exploit deletes widgets and creates a new admin account with no password after a reboot, leveraging authentication bypass and arbitrary account deletion vulnerabilities.
Description
An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
Exploits (1)
This repository contains a functional exploit for CVE-2024-46671, targeting FortiWeb systems. The exploit deletes widgets and creates a new admin account with no password after a reboot, leveraging authentication bypass and arbitrary account deletion vulnerabilities.
References (1)
Scores
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H