PT-2024-3954 · Fortinet · FortiWebManager

Published

2024-06-03

·

Updated

2024-12-17

·

CVE-2024-23668

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0
Description The vulnerability is an improper authorization flaw in the HTTP request handler of Fortinet FortiWebManager. A remote attacker can exploit it to elevate privileges and execute unauthorized code or commands via HTTP requests or the CLI.
Recommendations Update Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0 to a fixed version. Where updating is not immediately possible, restrict network access to the FortiWebManager management interface (the HTTP request handler) to trusted administrative hosts as a temporary mitigation; this reduces exposure but does not remove the flaw.
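The version list above is the only inventory criterion the advisory gives, so the first practical check is whether a deployed FortiWebManager build falls inside one of the listed ranges. The following is an added example (not code from Fortinet or from this advisory) that encodes those ranges and triages a constructed host inventory; the hostnames and version strings in the inventory are assumptions for illustration.

```python
"""Triage FortiWebManager hosts against the version ranges listed for
CVE-2024-23668. Added example; the ranges are copied from the advisory,
the inventory below is constructed sample data."""

# (lowest, highest) inclusive bounds, exactly as the advisory lists them.
AFFECTED_RANGES = [
    ("6.0.2", "6.0.2"),
    ("6.2.3", "6.2.4"),
    ("6.3.0", "6.3.0"),
    ("7.0.0", "7.0.4"),
    ("7.2.0", "7.2.0"),
]


def parse_version(text):
    """Turn '7.0.4' into the tuple (7, 0, 4).

    Only dotted major.minor.patch integers are accepted; anything else
    (build suffixes, empty strings) raises so that an unparsable entry is
    surfaced rather than silently treated as unaffected.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True if the version lies inside any advisory-listed range.

    Tuple comparison gives correct numeric ordering, so 6.2.10 would sort
    after 6.2.4 rather than before it as a plain string compare would.
    """
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Return the sorted hostnames whose version is in an affected range.

    A host that is NOT returned is merely not in the listed ranges; the
    advisory does not name fixed builds, so confirm those against the
    vendor advisory rather than treating them as patched.
    """
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fwm-prod-01": "7.0.4",   # inside 7.0.0 through 7.0.4
    "fwm-prod-02": "7.0.5",   # outside every listed range
    "fwm-lab-01": "6.2.3",    # inside 6.2.3 through 6.2.4
    "fwm-lab-02": "6.2.2",    # just below the 6.2.x range
    "fwm-dr-01": "7.2.0",     # single listed version
    "fwm-dr-02": "7.2.1",     # outside every listed range
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in an affected range")
```

Run it against a real inventory export by replacing SAMPLE_INVENTORY; the parser deliberately rejects anything that is not plain major.minor.patch so an unexpected version format fails loudly instead of being skipped.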

Tags: Fix · RCE

Related Identifiers

BDU:2024-04368
CVE-2024-23668

Affected Products

FortiWebManager