PT-2024-7465 · Fortinet · FortiManager
Published 2024-10-08 · Updated 2025-01-21
CVE-2024-33506 · CVSS v3.1 4.3 (Medium) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
FortiManager versions 7.4.2 and below
FortiManager versions 7.2.5 and below
FortiManager versions 7.0.12 and below
Description:
The issue is an exposure of sensitive information to unauthorized actors. A remote, authenticated attacker who is assigned to one Administrative Domain (ADOM) can retrieve the device summaries of ADOMs they are not authorized for by sending crafted HTTP requests, which discloses protected information.
Recommendations:
For FortiManager versions 7.4.2 and below, upgrade to a version above 7.4.2 to mitigate the risk.
For FortiManager versions 7.2.5 and below, upgrade to a version above 7.2.5 to mitigate the risk.
For FortiManager versions 7.0.12 and below, upgrade to a version above 7.0.12 to mitigate the risk.
As a temporary workaround until the upgrade is applied, consider restricting which clients can reach the FortiManager HTTP management interface, so that only trusted administrative hosts can send requests to it.
Tags: Fix · Information Disclosure
Affected Products: FortiManager