PT-2024-3558 · Fortinet · Fortiportal
Published
2024-05-14
·
Updated
2024-05-23
·
CVE-2024-23105
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiPortal versions 7.0.0 through 7.0.6
Fortinet FortiPortal versions 7.2.0 through 7.2.1
Description
The issue is related to insufficient authentication of data, allowing an unauthenticated attack to bypass IP protection. This can be achieved by sending specially crafted HTTP or HTTPS packets, potentially enabling a remote attacker to circumvent existing security restrictions.
Recommendations
For Fortinet FortiPortal versions 7.0.0 through 7.0.6, update to a version outside of this range to mitigate the risk.
For Fortinet FortiPortal versions 7.2.0 through 7.2.1, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the HTTP or HTTPS endpoints that can be exploited with crafted packets until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortiportal