CVE-2024-23667

Name of the Vulnerable Software and Affected Versions: FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0

Description: The issue is related to improper authorization in FortiWebManager, which can allow an attacker to execute unauthorized code or commands via HTTP requests or CLI. This can potentially lead to unauthorized access, modification, or deletion of data by sending specially crafted HTTP requests.

Recommendations: For version 6.0.2, update to a newer version to mitigate the risk. For versions 6.2.3 through 6.2.4, update to a newer version to mitigate the risk. For version 6.3.0, update to a newer version to mitigate the risk. For versions 7.0.0 through 7.0.4, update to a newer version to mitigate the risk. For version 7.2.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.