Vulnerability Description
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 6.4.0, < 6.4.15 |
| Fortinet | Fortianalyzer Big Data | >= 6.2.1, < 7.2.7 |
| Fortinet | Fortimanager | >= 6.4.0, < 6.4.15 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-23-396Vendor Advisory
FAQ
What is CVE-2024-23666?
CVE-2024-23666 is a vulnerability with a CVSS score of 7.5 (HIGH). A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiMan...
How severe is CVE-2024-23666?
CVE-2024-23666 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23666?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortianalyzer Big Data, Fortinet Fortimanager.