Vulnerabilities > CVE-2024-23112 - Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortios and Fortiproxy

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
fortinet
CWE-639
NVD
Published: 2024-03-12
Updated: 2024-03-15

Summary

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.

Vulnerable Configurations

Part Description Count
OS
Fortinet
30
Application
Fortinet
16

Common Weakness Enumeration (CWE)

References