cvelist/2024/23xxx/CVE-2024-23112.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-23112",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user\u2019s bookmark via URL manipulation."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper access control",
                        "cweId": "CWE-639"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FortiOS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.4.0",
                                            "version_value": "7.4.1"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.2.0",
                                            "version_value": "7.2.6"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.1",
                                            "version_value": "7.0.13"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.4.7",
                                            "version_value": "6.4.14"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "FortiProxy",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.4.0",
                                            "version_value": "7.4.2"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.2.0",
                                            "version_value": "7.2.8"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.0",
                                            "version_value": "7.0.14"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://fortiguard.com/psirt/FG-IR-24-013",
                "refsource": "MISC",
                "name": "https://fortiguard.com/psirt/FG-IR-24-013"
            }
        ]
    },
    "solution": [
        {
            "lang": "en",
            "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \n"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C"
            }
        ]
    }
}
"-Synchronized-Data." 2024-01-11 17:00:39 +00:00			`{`
"-Synchronized-Data." 2024-04-01 20:42:56 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-01-11 17:00:39 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-23112",`
"-Synchronized-Data." 2024-04-01 20:42:56 +00:00			`"ASSIGNER": "psirt@fortinet.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-01-11 17:00:39 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-04-01 20:42:56 +00:00			`"value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user\u2019s bookmark via URL manipulation."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper access control",`
			`"cweId": "CWE-639"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Fortinet",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "FortiOS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.4.0",`
			`"version_value": "7.4.1"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.2.0",`
			`"version_value": "7.2.6"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.0.1",`
			`"version_value": "7.0.13"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "6.4.7",`
			`"version_value": "6.4.14"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "FortiProxy",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.4.0",`
			`"version_value": "7.4.2"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.2.0",`
			`"version_value": "7.2.8"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.0.0",`
			`"version_value": "7.0.14"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://fortiguard.com/psirt/FG-IR-24-013",`
			`"refsource": "MISC",`
			`"name": "https://fortiguard.com/psirt/FG-IR-24-013"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \n"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"attackComplexity": "HIGH",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C"`
"-Synchronized-Data." 2024-01-11 17:00:39 +00:00			`}`
			`]`
			`}`
			`}`