VYPR
Unrated severityNVD Advisory· Published Jul 9, 2024· Updated Aug 1, 2024

CVE-2024-23663

CVE-2024-23663

Description

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.

Affected products

2
  • Fortinet/FortiExtenderllm-fuzzy2 versions
    >=4.1.1 <=4.1.9, >=4.2.0 <=4.2.6, =5.3.2, >=7.0.0 <=7.0.4, >=7.2.0 <=7.2.4, >=7.4.0 <=7.4.2+ 1 more
    • (no CPE)range: >=4.1.1 <=4.1.9, >=4.2.0 <=4.2.6, =5.3.2, >=7.0.0 <=7.0.4, >=7.2.0 <=7.2.4, >=7.4.0 <=7.4.2
    • (no CPE)range: 7.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.