Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-23663 (GCVE-0-2024-23663)
Vulnerability from cvelistv5 – Published: 2024-07-09 15:33 – Updated: 2024-08-01 23:06
VLAI
EPSS
Summary
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
Severity
CWE
- CWE-284 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiExtender |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.0.0 , ≤ 7.0.4 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiextender",
"vendor": "fortinet",
"versions": [
{
"lessThan": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThan": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThan": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T17:43:01.015107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T17:44:51.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-459",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiExtender",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:33:31.512Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-459",
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiExtender version 7.4.3 or above \nPlease upgrade to FortiExtender version 7.2.5 or above \nPlease upgrade to FortiExtender version 7.0.5 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23663",
"datePublished": "2024-07-09T15:33:31.512Z",
"dateReserved": "2024-01-19T08:23:28.612Z",
"dateUpdated": "2024-08-01T23:06:25.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-23663",
"date": "2026-05-27",
"epss": "0.00697",
"percentile": "0.72171"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.1\", \"versionEndIncluding\": \"4.1.9\", \"matchCriteriaId\": \"13C8C635-302D-4495-A0C0-069F08CA9CAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndIncluding\": \"4.2.6\", \"matchCriteriaId\": \"BC6A9F11-62C8-4A04-B1FC-795BD0D80EE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.4\", \"matchCriteriaId\": \"52A6C42E-B444-4E9D-8DDE-377FDF85FA68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndIncluding\": \"7.2.4\", \"matchCriteriaId\": \"57CACD11-5B17-4540-87AF-1B8730C84984\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.4.0\", \"versionEndIncluding\": \"7.4.2\", \"matchCriteriaId\": \"D22C31E2-F928-4244-A5CD-CF7F018A17F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CC2C9D3-01FD-4D5B-AE85-05B0CA6C99AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0617C1D-E321-409D-B54B-775E854A03C1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.\"}, {\"lang\": \"es\", \"value\": \"Un control de acceso inadecuado en Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 y 7.4.0 - 7.4.2 permite a un atacante crear usuarios con privilegios elevados a trav\\u00e9s de una solicitud HTTP manipulada.\"}]",
"id": "CVE-2024-23663",
"lastModified": "2024-11-21T08:58:07.203",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-07-09T16:15:04.593",
"references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-459\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-23-459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23663\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-07-09T16:15:04.593\",\"lastModified\":\"2024-11-21T08:58:07.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"Un control de acceso inadecuado en Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 y 7.4.0 - 7.4.2 permite a un atacante crear usuarios con privilegios elevados a trav\u00e9s de una solicitud HTTP manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.1\",\"versionEndIncluding\":\"4.1.9\",\"matchCriteriaId\":\"13C8C635-302D-4495-A0C0-069F08CA9CAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndIncluding\":\"4.2.6\",\"matchCriteriaId\":\"BC6A9F11-62C8-4A04-B1FC-795BD0D80EE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.4\",\"matchCriteriaId\":\"52A6C42E-B444-4E9D-8DDE-377FDF85FA68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.4\",\"matchCriteriaId\":\"57CACD11-5B17-4540-87AF-1B8730C84984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndIncluding\":\"7.4.2\",\"matchCriteriaId\":\"D22C31E2-F928-4244-A5CD-CF7F018A17F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC2C9D3-01FD-4D5B-AE85-05B0CA6C99AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0617C1D-E321-409D-B54B-775E854A03C1\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-459\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23663\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-09T17:43:01.015107Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiextender\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"lessThan\": \"7.4.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"lessThan\": \"7.2.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.0.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-09T17:44:47.175Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiExtender\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.4\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiExtender version 7.4.3 or above \\nPlease upgrade to FortiExtender version 7.2.5 or above \\nPlease upgrade to FortiExtender version 7.0.5 or above \\n\"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-459\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-459\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2024-07-09T15:33:31.512Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23663\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-09T17:44:51.463Z\", \"dateReserved\": \"2024-01-19T08:23:28.612Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2024-07-09T15:33:31.512Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0561
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiADC versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiADC versions antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiWeb versions antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiOS versions antérieures à 7.4.4 | ||
| Fortinet | N/A | FortiExtender versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiExtender versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | N/A | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | N/A | FortiExtender versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiAIOps versions 2.0.x antérieures à 2.0.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAIOps versions 2.0.x ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-23663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23663"
},
{
"name": "CVE-2024-27785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27785"
},
{
"name": "CVE-2023-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50178"
},
{
"name": "CVE-2024-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27783"
},
{
"name": "CVE-2024-26015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26015"
},
{
"name": "CVE-2024-26006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26006"
},
{
"name": "CVE-2023-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50179"
},
{
"name": "CVE-2024-27784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27784"
},
{
"name": "CVE-2024-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21759"
},
{
"name": "CVE-2024-33509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33509"
},
{
"name": "CVE-2024-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27782"
},
{
"name": "CVE-2023-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50181"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0561",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-072",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-072"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-469",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-469"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-446",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-446"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-073",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-073"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-011",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-011"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-070",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-070"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-326",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-326"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-069",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-069"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-485",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-485"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-298",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-298"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-459",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-459"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-480",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-480"
}
]
}
CERTFR-2024-AVI-0561
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiADC versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiADC versions antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiWeb versions antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiOS versions antérieures à 7.4.4 | ||
| Fortinet | N/A | FortiExtender versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiExtender versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | N/A | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | N/A | FortiExtender versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiAIOps versions 2.0.x antérieures à 2.0.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAIOps versions 2.0.x ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-23663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23663"
},
{
"name": "CVE-2024-27785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27785"
},
{
"name": "CVE-2023-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50178"
},
{
"name": "CVE-2024-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27783"
},
{
"name": "CVE-2024-26015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26015"
},
{
"name": "CVE-2024-26006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26006"
},
{
"name": "CVE-2023-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50179"
},
{
"name": "CVE-2024-27784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27784"
},
{
"name": "CVE-2024-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21759"
},
{
"name": "CVE-2024-33509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33509"
},
{
"name": "CVE-2024-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27782"
},
{
"name": "CVE-2023-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50181"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0561",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-072",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-072"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-469",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-469"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-446",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-446"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-073",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-073"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-011",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-011"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-070",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-070"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-326",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-326"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-069",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-069"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-485",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-485"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-298",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-298"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-459",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-459"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-480",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-480"
}
]
}
CNVD-2024-37340
Vulnerability from cnvd - Published: 2024-09-04
VLAI
Title
Fortinet FortiExtender访问控制错误漏洞(CNVD-2024-37340)
Description
Fortinet FortiExtender是美国飞塔(Fortinet)公司的一款无线WAN(广域网)扩展器设备。
Fortinet FortiExtender存在访问控制错误漏洞,该漏洞源于存在不当访问控制,攻击者可利用该漏洞通过精心设计的HTTP请求创建具有提升权限的用户。
Severity
高
Patch Name
Fortinet FortiExtender访问控制错误漏洞(CNVD-2024-37340)的补丁
Patch Description
Fortinet FortiExtender是美国飞塔(Fortinet)公司的一款无线WAN(广域网)扩展器设备。
Fortinet FortiExtender存在访问控制错误漏洞,该漏洞源于存在不当访问控制,攻击者可利用该漏洞通过精心设计的HTTP请求创建具有提升权限的用户。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://fortiguard.com/psirt/FG-IR-23-459
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-23663
Impacted products
| Name | ['Fortinet FortiExtender >=7.4.0,<=7.4.2', 'Fortinet FortiExtender >=7.2.0,<=7.2.4', 'Fortinet FortiExtender >=7.0.0,<=7.0.4', 'Fortinet FortiExtender >=4.2.0,<=4.2.6', 'Fortinet FortiExtender >=4.1.1,<=4.1.9'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-23663",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-23663"
}
},
"description": "Fortinet FortiExtender\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebfWAN\uff08\u5e7f\u57df\u7f51\uff09\u6269\u5c55\u5668\u8bbe\u5907\u3002\n\nFortinet FortiExtender\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u521b\u5efa\u5177\u6709\u63d0\u5347\u6743\u9650\u7684\u7528\u6237\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-23-459",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-37340",
"openTime": "2024-09-04",
"patchDescription": "Fortinet FortiExtender\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebfWAN\uff08\u5e7f\u57df\u7f51\uff09\u6269\u5c55\u5668\u8bbe\u5907\u3002\r\n\r\nFortinet FortiExtender\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u5f53\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u521b\u5efa\u5177\u6709\u63d0\u5347\u6743\u9650\u7684\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Fortinet FortiExtender\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-37340\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Fortinet FortiExtender \u003e=7.4.0\uff0c\u003c=7.4.2",
"Fortinet FortiExtender \u003e=7.2.0\uff0c\u003c=7.2.4",
"Fortinet FortiExtender \u003e=7.0.0\uff0c\u003c=7.0.4",
"Fortinet FortiExtender \u003e=4.2.0\uff0c\u003c=4.2.6",
"Fortinet FortiExtender \u003e=4.1.1\uff0c\u003c=4.1.9"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-23663",
"serverity": "\u9ad8",
"submitTime": "2024-07-12",
"title": "Fortinet FortiExtender\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-37340\uff09"
}
FKIE_CVE-2024-23663
Vulnerability from fkie_nvd - Published: 2024-07-09 16:15 - Updated: 2024-11-21 08:58
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-459 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-459 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiextender_firmware | * | |
| fortinet | fortiextender_firmware | * | |
| fortinet | fortiextender_firmware | * | |
| fortinet | fortiextender_firmware | * | |
| fortinet | fortiextender_firmware | * | |
| fortinet | fortiextender_firmware | 5.3.2 | |
| fortinet | fortiextender | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C8C635-302D-4495-A0C0-069F08CA9CAD",
"versionEndIncluding": "4.1.9",
"versionStartIncluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6A9F11-62C8-4A04-B1FC-795BD0D80EE7",
"versionEndIncluding": "4.2.6",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A6C42E-B444-4E9D-8DDE-377FDF85FA68",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CACD11-5B17-4540-87AF-1B8730C84984",
"versionEndIncluding": "7.2.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D22C31E2-F928-4244-A5CD-CF7F018A17F9",
"versionEndIncluding": "7.4.2",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC2C9D3-01FD-4D5B-AE85-05B0CA6C99AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0617C1D-E321-409D-B54B-775E854A03C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 y 7.4.0 - 7.4.2 permite a un atacante crear usuarios con privilegios elevados a trav\u00e9s de una solicitud HTTP manipulada."
}
],
"id": "CVE-2024-23663",
"lastModified": "2024-11-21T08:58:07.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-09T16:15:04.593",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-R293-2PPV-632R
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30
VLAI
Details
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2024-23663"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T16:15:04Z",
"severity": "HIGH"
},
"details": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.",
"id": "GHSA-r293-2ppv-632r",
"modified": "2024-07-09T18:30:48Z",
"published": "2024-07-09T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23663"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2024-23663
Vulnerability from gsd - Updated: 2024-01-20 06:02Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23663"
],
"id": "GSD-2024-23663",
"modified": "2024-01-20T06:02:17.544760Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-23663",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
NCSC-2024-0287
Vulnerability from csaf_ncscnl - Published: 2024-07-10 08:27 - Updated: 2024-07-10 08:27Summary
Kwetsbaarheden verholpen in Fortinet
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Fortinet heeft een aantal kwetsbaarheden verholpen in FortiAIOps, Fortinet FortiPortal, FortiWeb en Fortinet FortiExtender.
Interpretaties: De meest serieuze kwetsbaarheden zijn CVE-2024-23663, CVE-2024-27782 en CVE-2024-27784. Welke in Fortinet FortiExtender en FortiAIOps zitten.
Fortinet FortiExtender:
Fortinet ForiExtender is een apparaat welke internet verbinding via 4g en 5g ondersteund. Een kwaadwillende kan de CVE-2024-23663 kwetsbaarheid die in Fortinet FortiExtender misbruiken om via HTTP verzoeken verhoogde rechten te krijgen.
FortiAIOps (versie 2.0.0):
De andere twee kwetsbaarheden, CVE-2024-27784 en CVE-2024-27782, zitten in FortiAIOps versie 2.0.0. FortiAIOps is een platform welke netwerk verkeer ondersteund door artificiële intelligentie en machine learning. Dit doet dit door diverse data stromen van het netwerk te integreren.
Een kwaadwillende kan de CVE-2024-27782 kwetsbaarheid misbruiken om met gestolen sessie tokens ongeautoriseerde verzoeken in te dienen. Een kwaadwillende kan de CVE-2024-27784 kwetsbaarheid misbruiken, mits hij geauthenticeerd is tot FortiAIOps, om gevoelige data in te zien van een API endpoint of log files.
Oplossingen: Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CWE-284: Improper Access Control
CWE-295: Improper Certificate Validation
CWE-532: Insertion of Sensitive Information into Log File
CWE-613: Insufficient Session Expiration
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-639
- Authorization Bypass Through User-Controlled Key
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
|
— | |
|
fortiportal
fortinet
|
cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
|
— |
CWE-295
- Improper Certificate Validation
Affected products
Known affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.0:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.23:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.22:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.21:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.20:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.19:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.18:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.17:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.16:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.15:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.14:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.13:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.12:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.11:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.10:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.9:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.8:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.7:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.6:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.5:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.4:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.3:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.2:*:*:*:*:*:*:*
|
— | |
|
fortiweb
fortinet
|
cpe:2.3:a:fortinet:fortiweb:6.3.1:*:*:*:*:*:*:*
|
— |
CWE-613
- Insufficient Session Expiration
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiaiops
fortinet
|
cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*
|
— |
CWE-532
- Insertion of Sensitive Information into Log File
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiaiops
fortinet
|
cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*
|
— |
CWE-284
- Improper Access Control
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
|
— | |
|
fortiextender
fortinet
|
cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
|
— |
CWE-1236
- Improper Neutralization of Formula Elements in a CSV File
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fortiaiops
fortinet
|
cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*
|
— |
References
18 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Fortinet heeft een aantal kwetsbaarheden verholpen in FortiAIOps, Fortinet FortiPortal, FortiWeb en Fortinet FortiExtender.\n\n",
"title": "Feiten"
},
{
"category": "description",
"text": "De meest serieuze kwetsbaarheden zijn CVE-2024-23663, CVE-2024-27782 en CVE-2024-27784. Welke in Fortinet FortiExtender en FortiAIOps zitten.\n\nFortinet FortiExtender:\nFortinet ForiExtender is een apparaat welke internet verbinding via 4g en 5g ondersteund. Een kwaadwillende kan de CVE-2024-23663 kwetsbaarheid die in Fortinet FortiExtender misbruiken om via HTTP verzoeken verhoogde rechten te krijgen. \n\nFortiAIOps (versie 2.0.0):\nDe andere twee kwetsbaarheden, CVE-2024-27784 en CVE-2024-27782, zitten in FortiAIOps versie 2.0.0. FortiAIOps is een platform welke netwerk verkeer ondersteund door artifici\u00eble intelligentie en machine learning. Dit doet dit door diverse data stromen van het netwerk te integreren.\nEen kwaadwillende kan de CVE-2024-27782 kwetsbaarheid misbruiken om met gestolen sessie tokens ongeautoriseerde verzoeken in te dienen. Een kwaadwillende kan de CVE-2024-27784 kwetsbaarheid misbruiken, mits hij geauthenticeerd is tot FortiAIOps, om gevoelige data in te zien van een API endpoint of log files.\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Formula Elements in a CSV File",
"title": "CWE-1236"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326"
},
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-459"
},
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011"
},
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-069"
},
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-072"
},
{
"category": "external",
"summary": "Source - fortinet",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-073"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.com/psirt/FG-IR-23-459"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-069"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-072"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-073"
}
],
"title": "Kwetsbaarheden verholpen in Fortinet ",
"tracking": {
"current_release_date": "2024-07-10T08:27:35.622919Z",
"id": "NCSC-2024-0287",
"initial_release_date": "2024-07-10T08:27:35.622919Z",
"revision_history": [
{
"date": "2024-07-10T08:27:35.622919Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "fortiaiops",
"product": {
"name": "fortiaiops",
"product_id": "CSAFPID-1498732",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-548737",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-548736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-548735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-548733",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498731",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498789",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498788",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498730",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498727",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiextender",
"product": {
"name": "fortiextender",
"product_id": "CSAFPID-1498728",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-1476787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-80581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-80582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-80580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-910573",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-910572",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-910571",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-910570",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-1476788",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-1476789",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiportal",
"product": {
"name": "fortiportal",
"product_id": "CSAFPID-749726",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94517",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94464",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94431",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94497",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94499",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94472",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94432",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-110145",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-124071",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94453",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-260593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-350300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.21:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-377287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-548714",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94460",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94532",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-110142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94463",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-110141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94484",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94470",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-94496",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-110132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-243312",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-165615",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-110114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-124070",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-956835",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-260592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-350301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-470994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-548713",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-548712",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-956829",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-956828",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-956836",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-548711",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiweb",
"product": {
"name": "fortiweb",
"product_id": "CSAFPID-548710",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21759",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-749726",
"CSAFPID-80581",
"CSAFPID-910570",
"CSAFPID-80580",
"CSAFPID-910571",
"CSAFPID-80582",
"CSAFPID-910572",
"CSAFPID-910573"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21759",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21759.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-749726",
"CSAFPID-80581",
"CSAFPID-910570",
"CSAFPID-80580",
"CSAFPID-910571",
"CSAFPID-80582",
"CSAFPID-910572",
"CSAFPID-910573"
]
}
],
"title": "CVE-2024-21759"
},
{
"cve": "CVE-2024-33509",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-548711",
"CSAFPID-548710",
"CSAFPID-110114",
"CSAFPID-956835",
"CSAFPID-94470",
"CSAFPID-243312",
"CSAFPID-94517",
"CSAFPID-548714",
"CSAFPID-956836",
"CSAFPID-956828",
"CSAFPID-956829",
"CSAFPID-548712",
"CSAFPID-548713",
"CSAFPID-470994",
"CSAFPID-350301",
"CSAFPID-260592",
"CSAFPID-124070",
"CSAFPID-110132",
"CSAFPID-94496",
"CSAFPID-377287",
"CSAFPID-350300",
"CSAFPID-260593",
"CSAFPID-124071",
"CSAFPID-110145",
"CSAFPID-94432",
"CSAFPID-94472",
"CSAFPID-94499",
"CSAFPID-94497",
"CSAFPID-94483",
"CSAFPID-94431",
"CSAFPID-94464",
"CSAFPID-94546",
"CSAFPID-94479",
"CSAFPID-94484",
"CSAFPID-110141",
"CSAFPID-94463",
"CSAFPID-110142",
"CSAFPID-94532",
"CSAFPID-94460",
"CSAFPID-94453",
"CSAFPID-94547"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33509",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33509.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R",
"version": "3.1"
},
"products": [
"CSAFPID-548711",
"CSAFPID-548710",
"CSAFPID-110114",
"CSAFPID-956835",
"CSAFPID-94470",
"CSAFPID-243312",
"CSAFPID-94517",
"CSAFPID-548714",
"CSAFPID-956836",
"CSAFPID-956828",
"CSAFPID-956829",
"CSAFPID-548712",
"CSAFPID-548713",
"CSAFPID-470994",
"CSAFPID-350301",
"CSAFPID-260592",
"CSAFPID-124070",
"CSAFPID-110132",
"CSAFPID-94496",
"CSAFPID-377287",
"CSAFPID-350300",
"CSAFPID-260593",
"CSAFPID-124071",
"CSAFPID-110145",
"CSAFPID-94432",
"CSAFPID-94472",
"CSAFPID-94499",
"CSAFPID-94497",
"CSAFPID-94483",
"CSAFPID-94431",
"CSAFPID-94464",
"CSAFPID-94546",
"CSAFPID-94479",
"CSAFPID-94484",
"CSAFPID-110141",
"CSAFPID-94463",
"CSAFPID-110142",
"CSAFPID-94532",
"CSAFPID-94460",
"CSAFPID-94453",
"CSAFPID-94547"
]
}
],
"title": "CVE-2024-33509"
},
{
"cve": "CVE-2024-27782",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "other",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498732"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27782",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27782.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1498732"
]
}
],
"title": "CVE-2024-27782"
},
{
"cve": "CVE-2024-27784",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498732"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27784",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27784.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1498732"
]
}
],
"title": "CVE-2024-27784"
},
{
"cve": "CVE-2024-23663",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498727",
"CSAFPID-1498728",
"CSAFPID-1498729",
"CSAFPID-1498730",
"CSAFPID-548737",
"CSAFPID-1498731",
"CSAFPID-1498787",
"CSAFPID-1498788",
"CSAFPID-1498789",
"CSAFPID-1498790",
"CSAFPID-548733",
"CSAFPID-548735",
"CSAFPID-548736"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23663",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23663.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"products": [
"CSAFPID-1498727",
"CSAFPID-1498728",
"CSAFPID-1498729",
"CSAFPID-1498730",
"CSAFPID-548737",
"CSAFPID-1498731",
"CSAFPID-1498787",
"CSAFPID-1498788",
"CSAFPID-1498789",
"CSAFPID-1498790",
"CSAFPID-548733",
"CSAFPID-548735",
"CSAFPID-548736"
]
}
],
"title": "CVE-2024-23663"
},
{
"cve": "CVE-2024-27785",
"cwe": {
"id": "CWE-1236",
"name": "Improper Neutralization of Formula Elements in a CSV File"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Formula Elements in a CSV File",
"title": "CWE-1236"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498732"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27785.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1498732"
]
}
],
"title": "CVE-2024-27785"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…