CVE-2024-23670

{"id": "CVE-2024-23670", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-03T10:15:13.523", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}, {"lang": "es", "value": "Una autorizaci\u00f3n inadecuada en Fortinet FortiWebManager versi\u00f3n 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP o CLI."}], "lastModified": "2024-12-17T16:35:25.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00F44FF-9533-4354-9060-A74E8F43E747", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2.3"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "403F07C3-8D48-4403-B9EE-0076F8639CB1", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A921BEEB-D912-471E-8176-8804F5CD5118"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7475A8-52EB-413E-A196-6F43137B545F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}