What is the severity of CVE-2024-23112?

CVE-2024-23112 is classified as a medium severity vulnerability due to its potential to allow unauthorized access through URL manipulation.

How do I fix CVE-2024-23112?

To remediate CVE-2024-23112, update FortiOS to version 7.4.2 or newer, or FortiProxy to version 7.4.3 or newer.

Which products are affected by CVE-2024-23112?

CVE-2024-23112 affects multiple versions of FortiOS and FortiProxy, specifically versions prior to 7.4.2 for FortiOS and 7.4.3 for FortiProxy.

Can CVE-2024-23112 be exploited remotely?

Yes, CVE-2024-23112 can be exploited by an authenticated attacker remotely through URL manipulation.

What type of vulnerability is CVE-2024-23112?

CVE-2024-23112 is an authorization bypass vulnerability classified under CWE-639.

Vulnerability/
CVE-2024-23112

high

CWE

639 119 79 89 20 94

12/3/2024

1/8/2024

CVE-2024-23112: Authorization bypass in SSLVPN bookmarks

First published: Tue Mar 12 2024(Updated: )

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS and FortiProxy SSLVPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiProxy	>=7.0.0<=7.0.14
Fortinet FortiProxy	>=7.2.0<=7.2.8
Fortinet FortiProxy	>=7.4.0<=7.4.2
Fortinet FortiOS IPS Engine	>=6.4.7<=6.4.14
Fortinet FortiOS IPS Engine	>=7.0.1<=7.0.13
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.6
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.1
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.1
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.6
Fortinet FortiOS IPS Engine	>=7.0.1<=7.0.13
Fortinet FortiOS IPS Engine	>=6.4.7<=6.4.14
Fortinet FortiProxy	>=7.4.0<=7.4.2
Fortinet FortiProxy	>=7.2.0<=7.2.8
Fortinet FortiProxy	>=7.0.0<=7.0.14

Remedy

Please upgrade to FortiOS version 7.4.2 or above Please upgrade to FortiOS version 7.2.7 or above Please upgrade to FortiOS version 7.0.14 or above Please upgrade to FortiOS version 6.4.15 or above Please upgrade to FortiProxy version 7.4.3 or above Please upgrade to FortiProxy version 7.2.9 or above Please upgrade to FortiProxy version 7.0.15 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-23112?
CVE-2024-23112 is classified as a medium severity vulnerability due to its potential to allow unauthorized access through URL manipulation.
How do I fix CVE-2024-23112?
To remediate CVE-2024-23112, update FortiOS to version 7.4.2 or newer, or FortiProxy to version 7.4.3 or newer.
Which products are affected by CVE-2024-23112?
CVE-2024-23112 affects multiple versions of FortiOS and FortiProxy, specifically versions prior to 7.4.2 for FortiOS and 7.4.3 for FortiProxy.
Can CVE-2024-23112 be exploited remotely?
Yes, CVE-2024-23112 can be exploited by an authenticated attacker remotely through URL manipulation.
What type of vulnerability is CVE-2024-23112?
CVE-2024-23112 is an authorization bypass vulnerability classified under CWE-639.

agent/remedy
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-23112
agent/first-publish-date
agent/description
agent/author
collector/the-register
source/The Register
alias/CVE-2024-21407
alias/CVE-2024-21408
alias/CVE-2024-21334
alias/CVE-2024-21400
alias/CVE-2023-32666
alias/CVE-2023-32282
alias/CVE-2024-2193
alias/CVE-2023-20214
alias/CVE-2024-20337
alias/CVE-2024-0039
alias/CVE-2024-23717
alias/CVE-2023-42789
alias/CVE-2023-42790
alias/CVE-2023-48788
alias/CVE-2023-47534
alias/CVE-2023-36554
alias/CVE-2023-46717
agent/references
agent/softwarecombine
agent/event
agent/news-ai
agent/severity
agent/weakness
agent/title
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortiproxy
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.14
version/fortinet fortiproxy/7.2.0
version/fortinet fortiproxy/7.2.8
version/fortinet fortiproxy/7.4.0
version/fortinet fortiproxy/7.4.2
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/6.4.7
version/fortinet fortios ips engine/6.4.14
version/fortinet fortios ips engine/7.0.1
version/fortinet fortios ips engine/7.0.13
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.2.6
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.1