What is the severity of CVE-2024-23662?

CVE-2024-23662 is classified as a critical vulnerability due to the exposure of sensitive information to unauthorized actors.

How do I fix CVE-2024-23662?

To fix CVE-2024-23662, upgrade FortiOS to version 7.4.2 or later, 7.2.6 or later, or apply the appropriate remediation for affected versions.

Which versions of FortiOS are affected by CVE-2024-23662?

CVE-2024-23662 affects FortiOS versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.5, 7.0.0 to 7.0.15, and 6.4.0 to 6.4.15.

What type of vulnerability is CVE-2024-23662?

CVE-2024-23662 is an information disclosure vulnerability that allows attackers to access sensitive information via HTTP requests.

Who is affected by CVE-2024-23662?

Organizations using Fortinet FortiOS versions listed in the vulnerability details are at risk of CVE-2024-23662.

Vulnerability/
CVE-2024-23662

high

7.5

CWE

200 77

9/4/2024

23/10/2024

11/12/2024

CVE-2024-23662: Web server ETag exposure

First published: Tue Apr 09 2024(Updated: )

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
FortiOS	>=7.4.0<=7.4.1
FortiOS	>=7.2.0<=7.2.5
FortiOS	>=7.0
FortiOS	>=6.4
FortiOS	>=6.4.0<7.2.6
FortiOS	>=7.4.0<7.4.2

Remedy

Please upgrade to FortiOS version 7.4.2 or above Please upgrade to FortiOS version 7.2.6 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-23662?
CVE-2024-23662 is classified as a critical vulnerability due to the exposure of sensitive information to unauthorized actors.
How do I fix CVE-2024-23662?
To fix CVE-2024-23662, upgrade FortiOS to version 7.4.2 or later, 7.2.6 or later, or apply the appropriate remediation for affected versions.
Which versions of FortiOS are affected by CVE-2024-23662?
CVE-2024-23662 affects FortiOS versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.5, 7.0.0 to 7.0.15, and 6.4.0 to 6.4.15.
What type of vulnerability is CVE-2024-23662?
CVE-2024-23662 is an information disclosure vulnerability that allows attackers to access sensitive information via HTTP requests.
Who is affected by CVE-2024-23662?
Organizations using Fortinet FortiOS versions listed in the vulnerability details are at risk of CVE-2024-23662.

agent/remedy
agent/type
agent/first-publish-date
agent/description
collector/the-register
source/The Register
alias/CVE-2024-26234
alias/CVE-2024-29988
alias/CVE-2024-21322
alias/CVE-2024-21323
alias/CVE-2024-29053
alias/CVE-2023-41677
alias/CVE-2023-48784
alias/CVE-2024-23662
alias/CVE-2024-22246
alias/CVE-2024-20348
agent/news-ai
agent/weakness
agent/references
agent/author
agent/title
collector/mitre-cve
source/MITRE
collector/fortiguard-psirt-latest
source/FortiGuard
agent/last-modified-date
agent/severity
agent/event
agent/source
agent/tags
agent/softwarecombine
agent/trending
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/fortinet
canonical/fortios
version/fortios/7.4.0
version/fortios/7.4.1
version/fortios/7.2.0
version/fortios/7.2.5
version/fortios/7.0
version/fortios/6.4
version/fortios/6.4.0