CVE-2024-23112

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published: Mar 12, 2024
Updated: Mar 15, 2024
CWE ID 639

Summary

CVE-2024-23112 is a newly disclosed vulnerability affecting several versions of FortiOS SSL-VPN and FortiProxy. It is an authorization bypass through a user-controlled key [CWE-639]: the SSL-VPN bookmark feature trusts an identifier supplied in the URL, so an authenticated attacker who manipulates that URL can gain unauthorized access to another user's bookmarks, potentially leading to data exposure or privilege escalation. The affected FortiOS versions are 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, and 6.4.7 through 6.4.14. The affected FortiProxy versions are 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, and 7.0.0 through 7.0.14. Organizations using these Fortinet products are advised to apply the relevant patches to mitigate this risk.



Affected Products

  • FortiOS
  • Fortinet FortiProxy

Affected Vendors

  • Fortinet