PT-2024-4046 · Fortinet · Fortiwebmanager

Published 2024-01-19 · Updated 2024-06-11 · CVE-2024-23669

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiWebManager version 6.0.2
FortiWebManager versions 6.2.3 through 6.2.4
FortiWebManager version 6.3.0
FortiWebManager versions 7.0.0 through 7.0.4
FortiWebManager version 7.2.0
Description
FortiWebManager contains an improper authorization flaw that an attacker can exploit to execute unauthorized code or commands, either through specially crafted HTTP requests or through the Command Line Interface (CLI).
Recommendations
For every affected release (FortiWebManager 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0), update to a version that includes a fix for the improper authorization issue. As a temporary workaround, restrict access to the HTTP interface and the CLI to minimize the risk of exploitation.

Fix

Incorrect Authorization

Improper Authorization

RCE


Weakness Enumeration

Related Identifiers

BDU:2024-04488
CVE-2024-23669

Affected Products

Fortiwebmanager