What is the severity of FG-IR-23-396?

The vulnerability FG-IR-23-396 is classified as a client-side enforcement of server-side security issue that allows authenticated attackers to execute sensitive operations.

How do I fix FG-IR-23-396?

To fix FG-IR-23-396, upgrade your FortiAnalyzer or FortiManager to the specified remedial versions: FortiAnalyzer to 7.4.3, 7.2.6, 7.0.13, or 6.4.15 and FortiManager to 7.4.3, 7.2.6, 7.0.13, or 6.4.15.

Which versions are affected by FG-IR-23-396?

The affected versions of FortiAnalyzer are 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14, while FortiManager versions are 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14.

Who can exploit FG-IR-23-396?

An authenticated attacker with at least read-only permission can exploit the FG-IR-23-396 vulnerability.

Vulnerability/
FG-IR-23-396

high

7.1

12/11/2024

18/12/2024

FG-IR-23-396: Readonly users could run some sensitive operations

Q: What type of vulnerability is FG-IR-23-396?

FG-IR-23-396 is a client-side enforcement of server-side security vulnerability as classified by CWE-602.

First published: Tue Nov 12 2024(Updated: )

A client-side enforcement of server-side security vulnerability [CWE-602] in FortiAnalyzer may allow an authenticated attacker with at least read-only permission to execute sensitive operations via crafted requests.

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=7.4.0<=7.4.2
Fortinet FortiAnalyzer	>=7.2.0<=7.2.5
Fortinet FortiAnalyzer	>=7.0.0<=7.0.12
Fortinet FortiAnalyzer	>=6.4.0<=6.4.14
Fortinet FortiAnalyzer	=.
Fortinet FortiAnalyzer	>=7.2.0<=7.2.6
Fortinet FortiAnalyzer	>=7.0
Fortinet FortiAnalyzer	>=6.4
Fortinet FortiAnalyzer	>=6.2
Fortinet FortiManager	>=7.4.0<=7.4.2
Fortinet FortiManager	>=7.2.0<=7.2.5
Fortinet FortiManager	>=7.0.0<=7.0.12
Fortinet FortiManager	>=6.4.0<=6.4.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-396?
The vulnerability FG-IR-23-396 is classified as a client-side enforcement of server-side security issue that allows authenticated attackers to execute sensitive operations.
How do I fix FG-IR-23-396?
To fix FG-IR-23-396, upgrade your FortiAnalyzer or FortiManager to the specified remedial versions: FortiAnalyzer to 7.4.3, 7.2.6, 7.0.13, or 6.4.15 and FortiManager to 7.4.3, 7.2.6, 7.0.13, or 6.4.15.
Which versions are affected by FG-IR-23-396?
The affected versions of FortiAnalyzer are 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14, while FortiManager versions are 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14.
Who can exploit FG-IR-23-396?
An authenticated attacker with at least read-only permission can exploit the FG-IR-23-396 vulnerability.
What type of vulnerability is FG-IR-23-396?
FG-IR-23-396 is a client-side enforcement of server-side security vulnerability as classified by CWE-602.

agent/last-modified-date
agent/type
agent/first-publish-date
agent/severity
agent/title
agent/references
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-23666
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/7.4.0
version/fortinet fortianalyzer/7.4.2
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.5
version/fortinet fortianalyzer/7.0.0
version/fortinet fortianalyzer/7.0.12
version/fortinet fortianalyzer/6.4.0
version/fortinet fortianalyzer/6.4.14
version/fortinet fortianalyzer/.
version/fortinet fortianalyzer/7.2.6
version/fortinet fortianalyzer/7.0
version/fortinet fortianalyzer/6.4
version/fortinet fortianalyzer/6.2
canonical/fortinet fortimanager
version/fortinet fortimanager/7.4.0
version/fortinet fortimanager/7.4.2
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.5
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.12
version/fortinet fortimanager/6.4.0
version/fortinet fortimanager/6.4.14

FG-IR-23-396: Readonly users could run some sensitive operations

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-396?

How do I fix FG-IR-23-396?

Which versions are affected by FG-IR-23-396?

Who can exploit FG-IR-23-396?

What type of vulnerability is FG-IR-23-396?

Company

Resources

Contact