{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-23669", "ASSIGNER": "psirt@fortinet.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands", "cweId": "CWE-20" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Fortinet", "product": { "product_data": [ { "product_name": "FortiWebManager", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.2.0" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.4" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "<=", "version_name": "6.2.3", "version_value": "6.2.4" }, { "version_affected": "=", "version_value": "6.0.2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "refsource": "MISC", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222" } ] }, "solution": [ { "lang": "en", "value": "Please upgrade to FortiWebManager version 7.4.0 or above \nPlease upgrade to FortiWebManager version 7.2.1 or above \nPlease upgrade to FortiWebManager version 7.0.5 or above \nPlease upgrade to FortiWebManager version 6.3.1 or above \nPlease upgrade to FortiWebManager version 6.2.5 or above \n" } ], "impact": { "cvss": [ { "version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X" } ] } }