First published: Mon Jun 03 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, versions 7.2.4 and below, versions 7.0.8 and below, and all 6.3 versions may allow an authenticated attacker to read the password hashes of other administrators via CLI commands.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=6.3.0 <=6.3.23 | |
| Fortinet FortiWeb | >=7.0.0 <7.0.9 | Upgrade to FortiWeb version 7.0.9 or above |
| Fortinet FortiWeb | >=7.2.0 <7.2.5 | Upgrade to FortiWeb version 7.2.5 or above |
| Fortinet FortiWeb | =7.4.0 | Upgrade to FortiWeb version 7.4.1 or above |
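For inventory triage, the table above is easiest to apply as a small range check. The following is an added example, not code from Fortinet or SecAlerts: the ranges and fixed releases are copied from the advisory table, while the function names, the tolerated version-string formats (a leading `v` or a trailing `,build…` suffix) and the sample inputs are this example's own assumptions.

```python
"""Triage helper for CVE-2024-23107: is a given FortiWeb build inside one of the
published affected ranges, and which fixed release does the advisory point to?
Added example; only the version ranges come from the advisory table."""
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]


class AffectedRange(NamedTuple):
    low: Version              # inclusive lower bound (">=")
    high: Version             # upper bound
    high_inclusive: bool      # True for "<=", False for "<"
    fixed_in: Optional[str]   # first fixed release on that branch, if the page lists one


# Ranges exactly as published for CVE-2024-23107 (see the table above).
AFFECTED_RANGES = [
    AffectedRange((6, 3, 0), (6, 3, 23), True, None),     # page lists no fixed 6.3 release
    AffectedRange((7, 0, 0), (7, 0, 9), False, "7.0.9"),
    AffectedRange((7, 2, 0), (7, 2, 5), False, "7.2.5"),
    AffectedRange((7, 4, 0), (7, 4, 0), True, "7.4.1"),
]

# Assumed input formats: "7.2.4", "v7.2.4", or "7.2.4,build0755" (build suffix ignored).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Reduce a version string to a (major, minor, patch) tuple; missing patch -> 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version_text: str) -> dict:
    """Return whether the build is affected and the fixed release to move to, if any."""
    v = parse_version(version_text)
    for r in AFFECTED_RANGES:
        above_low = v >= r.low
        below_high = v <= r.high if r.high_inclusive else v < r.high
        if above_low and below_high:
            return {"version": v, "affected": True, "fixed_in": r.fixed_in}
    return {"version": v, "affected": False, "fixed_in": None}


def affected_hosts(inventory: dict) -> dict:
    """Map hostname -> assessment for every host on an affected build.

    `inventory` is {hostname: version_string}; hosts with unparsable versions are
    reported with affected=None so they are not silently dropped from the review.
    """
    findings = {}
    for host, version_text in inventory.items():
        try:
            result = assess(version_text)
        except ValueError as exc:
            findings[host] = {"version": None, "affected": None, "error": str(exc)}
            continue
        if result["affected"]:
            findings[host] = result
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {"waf-edge-1": "7.4.0", "waf-edge-2": "7.2.5", "waf-lab": "v6.3.17,build0999", "waf-old": "n/a"}
    for host, finding in affected_hosts(sample).items():
        print(host, finding)
```

A host on a 6.3 build is flagged with `fixed_in` left as `None`, because the advisory table lists no fixed 6.3 release; that row needs a manual decision rather than a version bump.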
CVE-2024-23107 is classified as a medium severity vulnerability because it can expose sensitive information (the password hashes of other administrators).
To mitigate CVE-2024-23107, upgrade FortiWeb to version 7.4.1 or later, 7.2.5 or later, or 7.0.9 or later.
CVE-2024-23107 allows an authenticated attacker to read the password hashes of other administrators via CLI commands.
CVE-2024-23107 affects all FortiWeb 6.3 versions, versions 7.0.8 and below, versions 7.2.4 and below, and version 7.4.0.
FortiWeb deployments on affected versions are exposed to any authenticated account that has CLI access; exploitation requires an existing login, not anonymous access.