CVE-2024-23670

{"id": "CVE-2024-23670", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-03T10:15:13.523", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}, {"lang": "es", "value": "Una autorizaci\u00f3n inadecuada en Fortinet FortiWebManager versi\u00f3n 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP o CLI."}], "lastModified": "2024-12-17T16:35:25.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00F44FF-9533-4354-9060-A74E8F43E747", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2.3"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "403F07C3-8D48-4403-B9EE-0076F8639CB1", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A921BEEB-D912-471E-8176-8804F5CD5118"}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7475A8-52EB-413E-A196-6F43137B545F"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}