PT-2024-3551 · Fortinet · Fortios
Published: 2024-04-09 · Updated: 2024-12-11 · CVE-2024-23662
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 6.4.0 through 6.4.15
Fortinet FortiOS versions 7.0.0 through 7.0.15
Fortinet FortiOS versions 7.2.0 through 7.2.5
Fortinet FortiOS versions 7.4.0 through 7.4.1
Description
The issue is an exposure of sensitive information to unauthorized actors in Fortinet FortiOS. Attackers can disclose protected information by sending specially crafted HTTP requests. The vulnerability is associated with a lack of protection for service data.
Recommendations
For Fortinet FortiOS versions 6.4.0 through 6.4.15, update to a version that includes a fix for this issue.
For Fortinet FortiOS versions 7.0.0 through 7.0.15, update to a version that includes a fix for this issue.
For Fortinet FortiOS versions 7.2.0 through 7.2.5, update to a version that includes a fix for this issue.
For Fortinet FortiOS versions 7.4.0 through 7.4.1, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting HTTP access to the affected device to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Fortios