CVE-2024-23112
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-23112 is a newly disclosed vulnerability affecting various versions of FortiOS SSL-VPN and FortiProxy. The issue is an authorization bypass through a user-controlled key [CWE-639], reachable by manipulating a URL. An authenticated attacker can use it to gain unauthorized access to another user's bookmarks, which may lead to data exposure or privilege escalation. The affected FortiOS versions are 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, and 6.4.7 through 6.4.14. The affected FortiProxy versions are 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, and 7.0.0 through 7.0.14. Organizations running these Fortinet products should apply the relevant patches to mitigate this risk.
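The following is an added, self-contained model of the vulnerability class named above (CWE-639: an object selected by a key the client controls, without checking that the authenticated session owns it). It is illustrative code written for this page, not FortiOS or FortiProxy code; the bookmark store, the user names and the function names are assumptions.

```python
# Toy model of CWE-639 (authorization bypass through a user-controlled key),
# written for this page to contrast the flawed lookup with the hardened one.
# Not Fortinet code; the data layout and identifiers below are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Bookmark:
    bookmark_id: str
    owner: str
    url: str


# Constructed sample store: two authenticated users, one bookmark each.
BOOKMARKS = {
    "bm-1001": Bookmark("bm-1001", "alice", "https://intranet.example/hr"),
    "bm-1002": Bookmark("bm-1002", "bob", "https://intranet.example/finance"),
}


class Forbidden(Exception):
    """Raised when the session's user does not own the requested object."""


def get_bookmark_vulnerable(session_user: str, bookmark_id: str) -> Bookmark:
    """Flawed pattern: the key taken from the URL selects the record directly
    and the session identity is never compared with the record's owner."""
    return BOOKMARKS[bookmark_id]


def get_bookmark_hardened(session_user: str, bookmark_id: str) -> Bookmark:
    """Hardened pattern: the lookup is scoped to the authenticated user, so a
    key belonging to someone else behaves exactly like a missing key."""
    bm = BOOKMARKS.get(bookmark_id)
    if bm is None or bm.owner != session_user:
        raise Forbidden(f"{session_user} may not access bookmark {bookmark_id}")
    return bm


def cross_user_access_possible(fetch, session_user: str, foreign_key: str) -> bool:
    """Defender-side regression check: True if `fetch` returns a record that the
    session user does not own. Use it in tests to catch CWE-639 regressions."""
    try:
        return fetch(session_user, foreign_key).owner != session_user
    except (Forbidden, KeyError):
        return False
```

Running the check against both functions shows the flawed one returning Bob's bookmark to Alice's session while the hardened one refuses, which is the behaviour a patch for this class of bug must restore.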
Affected Products
- FortiOS
- Fortinet FortiProxy
Affected Vendors
- Fortinet