First published: Tue May 14 2024(Updated: )
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiPortal | >=7.0.0<=7.0.6 | |
Fortinet FortiPortal | =7.2.0 | |
Fortinet FortiPortal | =7.2.1 |
Please upgrade to FortiPortal version 7.2.2 or above Please upgrade to FortiPortal version 7.0.7 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-23105 is considered a high severity vulnerability allowing unauthorized access to sensitive functionalities.
To fix CVE-2024-23105, you should upgrade Fortinet FortiPortal to the latest release, ensuring your version is beyond 7.0.6 or 7.2.1.
CVE-2024-23105 affects FortiPortal versions 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1.
CVE-2024-23105 allows unauthenticated attackers to bypass IP protection using crafted HTTP or HTTPS packets.
CVE-2024-23105 is a Use Of Less Trusted Source vulnerability classified under CWE-348.