First published: Mon Jun 03 2024
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, and version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAuthenticator | 6.4.0 to 6.5.3 (all 6.4.x releases up to 6.4.9 and all 6.5.x releases up to 6.5.3) | Please upgrade to FortiAuthenticator version 6.5.4 or above |
Fortinet FortiAuthenticator | 6.6.0 | Please upgrade to FortiAuthenticator version 6.6.1 or above |
CVE-2024-23664 is classified as a medium-severity vulnerability: an open redirect lets an attacker send users to a site of the attacker's choosing, which is mainly useful as a phishing aid rather than as a direct path to compromising the appliance.
To mitigate CVE-2024-23664, upgrade Fortinet FortiAuthenticator to a fixed release for your branch: 6.6.1 or later if you run 6.6.0, or 6.5.4 or later if you run 6.5.3 and below or 6.4.9 and below. No workaround other than upgrading is listed in the advisory.
CVE-2024-23664 affects Fortinet FortiAuthenticator versions 6.6.0, 6.5.3 and below, and 6.4.9 and below.
CVE-2024-23664 is an open redirect vulnerability: FortiAuthenticator accepts a redirect target from a URL without confirming that the target stays on a trusted site.
Attackers can exploit CVE-2024-23664 by crafting a URL that points at the FortiAuthenticator host but, once followed, redirects the user to an arbitrary and potentially malicious website. Because FortiAuthenticator is an authentication portal, such a link looks like a legitimate login URL, which makes it a convenient lure for credential phishing.
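The check that this class of bug lacks, written as an added example in Python; this is not Fortinet's code and the advisory does not name the affected parameter or endpoint. The `next` parameter name, the `*.example.test` hostnames and the sample targets are all constructed for the example. The hardened validator goes beyond the single crafted URL the advisory mentions and rejects the common bypass shapes that a naive "starts with /" check misses: protocol-relative `//host`, backslash variants that browsers treat as slashes, scheme-without-slashes forms, userinfo tricks and non-http schemes.

```python
"""Open-redirect check (example code, not from the FortiAuthenticator product).

Assumed, not taken from the advisory: the redirect target arrives in a query
parameter we call ``next``; the allow-listed hosts below are constructed names.
"""
from urllib.parse import urlsplit

# Constructed allow-list of hosts the portal may redirect to (example only).
ALLOWED_HOSTS = frozenset({"sso.example.test", "portal.example.test"})


def vulnerable_redirect(next_param: str) -> str:
    """'Before': the attacker-controlled value is used verbatim as the
    Location target, which is exactly an open redirect."""
    return next_param


def is_safe_redirect(target: str, allowed_hosts: frozenset) -> bool:
    """Accept only a same-origin absolute path or an http(s) URL whose host
    is on the allow-list; reject the usual bypass shapes."""
    # Browsers strip leading/trailing C0 controls and spaces before parsing,
    # so "\t//evil" would still navigate cross-site: reject any such byte.
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so "/\evil" becomes "//evil".
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)

    if parts.scheme:
        # Absolute URL: only http(s), to an allow-listed host, with no userinfo.
        if parts.scheme not in ("http", "https"):
            return False          # javascript:, data:, and friends
        if not parts.netloc:
            return False          # "https:evil.example": browsers go to evil.example
        if "@" in parts.netloc:
            return False          # "https://good.example@evil.example/" trick
        host = parts.hostname
        return host is not None and host.lower() in allowed_hosts

    # Scheme-less: must be a path on this origin, never protocol-relative.
    if parts.netloc:
        return False              # "//evil.example/..."
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False              # "evil.example", "////evil.example"
    return True


def safe_redirect(next_param: str, allowed_hosts: frozenset = ALLOWED_HOSTS,
                  fallback: str = "/") -> str:
    """'After': the validated target or a fixed fallback, never the raw input."""
    return next_param if is_safe_redirect(next_param, allowed_hosts) else fallback


# Constructed sample inputs covering the common bypass shapes.
SAMPLE_TARGETS = [
    "/dashboard",
    "https://sso.example.test/login",
    "https://evil.example.test/",
    "//evil.example.test/",
    "/\\evil.example.test",
    "https:evil.example.test",
    "https://sso.example.test@evil.example.test/",
    "javascript:alert(1)",
    "\t//evil.example.test",
    "////evil.example.test",
]


def classify(targets=SAMPLE_TARGETS, allowed_hosts=ALLOWED_HOSTS) -> dict:
    """Map each candidate target to whether the hardened check accepts it."""
    return {t: is_safe_redirect(t, allowed_hosts) for t in targets}


if __name__ == "__main__":
    for target, ok in classify().items():
        print(f"{'allow' if ok else 'block'}  {target!r}  ->  {safe_redirect(target)!r}")
```

Of the ten constructed targets only the first two are accepted; everything else falls back to `/`. The design choice worth keeping is that the validator never tries to "clean" a bad target: anything that is not plainly a local path or an allow-listed http(s) URL is replaced by a fixed fallback, because every sanitising rewrite of an attacker string is another parser-differential to get wrong.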