PT-2024-2091 · Fortinet · FortiProxy, FortiOS

Published

2024-03-01

·

Updated

2024-03-15

·

CVE-2024-23112

CVSS v3.1

8.0

High

Vector AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4.7 through 6.4.14
FortiOS versions 7.0.1 through 7.0.13
FortiOS versions 7.2.0 through 7.2.6
FortiOS versions 7.4.0 through 7.4.1
FortiProxy versions 7.0.0 through 7.0.14
FortiProxy versions 7.2.0 through 7.2.8
FortiProxy versions 7.4.0 through 7.4.2
Description

The SSL-VPN component of FortiOS and FortiProxy is affected by an authorization bypass through a user-controlled key (an insecure direct object reference): a bookmark is fetched by the identifier supplied in the request URL without verifying that it belongs to the requesting user. An attacker who already holds valid SSL-VPN credentials (PR:L in the vector) can therefore read another user's bookmark by manipulating the identifier in the URL. The bug is not reachable without authentication.
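The weakness class described above, as an added illustration that is not FortiOS or FortiProxy code: a bookmark lookup keyed only on the identifier taken from the URL, next to the hardened form that makes the server-side session user part of the lookup key. The request shape, the `id` parameter name and the two sample bookmarks are constructed for the example.

```python
"""Added example: an IDOR (authorization bypass through a user-controlled
key) in a bookmark lookup, beside its fix.

Generic Python model, not Fortinet's implementation. The request URL
format, the ``id`` query parameter and the sample store are assumptions
made for illustration only.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Bookmark:
    bookmark_id: str
    owner: str
    url: str


# Constructed sample store: two users, one private bookmark each.
BOOKMARKS = [
    Bookmark("1001", "alice", "https://intranet.example/hr"),
    Bookmark("1002", "bob", "https://intranet.example/finance"),
]
# Index by id alone (what the vulnerable lookup uses) ...
BY_ID = {b.bookmark_id: b for b in BOOKMARKS}
# ... and by (owner, id), so ownership is part of the key itself.
BY_OWNER_AND_ID = {(b.owner, b.bookmark_id): b for b in BOOKMARKS}


def lookup_vulnerable(session_user: str, bookmark_id: str):
    """Weak pattern: the record is fetched by the user-supplied key alone.
    The authenticated session user is available but never consulted, so any
    logged-in user who guesses or increments the id reads someone else's
    bookmark."""
    return BY_ID.get(bookmark_id)


def lookup_fixed(session_user: str, bookmark_id: str):
    """Hardened pattern: the owner taken from the server-side session is part
    of the key, so an id belonging to another user cannot match. A missing id
    and a foreign id both return None, which keeps the response uniform and
    gives an attacker no oracle for enumerating valid ids."""
    return BY_OWNER_AND_ID.get((session_user, bookmark_id))


def handle_request(session_user: str, request_url: str, lookup):
    """Minimal request handler. The id comes from the untrusted query string,
    the user from the trusted session. Returns (status_code, body)."""
    query = parse_qs(urlsplit(request_url).query)
    bookmark_id = query.get("id", [""])[0]
    if not bookmark_id:
        return 400, "missing id"
    bookmark = lookup(session_user, bookmark_id)
    if bookmark is None:
        return 403, "forbidden"
    return 200, bookmark.url


if __name__ == "__main__":
    # alice edits the id in her own bookmark URL from 1001 to 1002 (bob's).
    tampered = "https://vpn.example/bookmark?id=1002"
    print(handle_request("alice", tampered, lookup_vulnerable))  # bob's URL leaks
    print(handle_request("alice", tampered, lookup_fixed))       # (403, 'forbidden')
```

The point of the fixed variant is that authorization is enforced by construction of the query, not by a separate check that can be forgotten on another code path: there is no way to ask the store for a bookmark without naming the owner.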
Recommendations

Update to the first release of the branch in use that lies above its affected range, i.e. FortiOS 7.4.2, 7.2.7, 7.0.14 or 6.4.15 and later, and FortiProxy 7.4.3, 7.2.9 or 7.0.15 and later. Until the update is applied, restrict access to the SSL-VPN component as a temporary workaround, for example by limiting the source addresses that may reach the SSL-VPN portal. Note that a version older than the lowest affected range listed for a branch is simply not covered by this record, which is not the same as being known to be unaffected.
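A small checker for the affected ranges and update targets stated above, added here as an example (not a Fortinet tool): it parses a reported version string, tells whether it falls into one of the listed inclusive ranges, and for an affected version derives the first release above that range. The sample version strings are constructed; the derived fix versions follow from the inclusive upper bounds and should be confirmed against the vendor's own advisory before use.

```python
"""Added example: check a reported FortiOS / FortiProxy version against the
inclusive affected ranges listed in this record.

Not a Fortinet tool. Version strings used below are constructed samples.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges from the record, one entry per release branch.
AFFECTED = {
    "FortiOS": [
        ((6, 4, 7), (6, 4, 14)),
        ((7, 0, 1), (7, 0, 13)),
        ((7, 2, 0), (7, 2, 6)),
        ((7, 4, 0), (7, 4, 1)),
    ],
    "FortiProxy": [
        ((7, 0, 0), (7, 0, 14)),
        ((7, 2, 0), (7, 2, 8)),
        ((7, 4, 0), (7, 4, 2)),
    ],
}

# Tolerates a leading "v" and trailing build/date fields, so a banner such as
# "v7.2.5,build1517,230424" (constructed sample) parses as 7.2.5.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Return (major, minor, patch) from '7.2.5', 'v7.2.5' or a longer banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> bool:
    """True if the version lies inside any listed range for the product.
    Tuples compare component-wise, so 7.2.10 correctly sorts above 7.2.9."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED[product])


def first_fixed(product: str, version_text: str) -> Optional[str]:
    """For an affected version, the first release of the same branch above
    its listed range (upper bound with the patch component incremented).
    Returns None when the version is not in any listed range. Derived from
    the ranges in this record; confirm against the vendor advisory."""
    v = parse_version(version_text)
    for low, high in AFFECTED[product]:
        if low <= v <= high:
            return f"{high[0]}.{high[1]}.{high[2] + 1}"
    return None


if __name__ == "__main__":
    for product, banner in [("FortiOS", "v7.2.5,build1517,230424"),
                            ("FortiProxy", "7.4.3"),
                            ("FortiOS", "6.4.6")]:
        status = "AFFECTED" if is_affected(product, banner) else "not in listed ranges"
        print(f"{product} {banner}: {status}; update target: {first_fixed(product, banner)}")
```

A version reported as "not in listed ranges" needs a second look when it is older than the lowest range for its branch (for example FortiOS 6.4.6), since such releases are outside the record rather than cleared by it.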

Fix

Weakness Enumeration

IDOR (authorization bypass through a user-controlled key, CWE-639)

Related Identifiers

BDU:2024-01987
CVE-2024-23112

Affected Products

FortiOS
FortiProxy