CVE-2024-23105

A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-24-021	Vendor Advisory
https://fortiguard.com/psirt/FG-IR-24-021	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal:7.2.0:::::::*
	cpe:2.3:a:fortinet:fortiportal:7.2.1:::::::*

History

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/psirt/FG-IR-24-021 - Vendor Advisory~~	() https://fortiguard.com/psirt/FG-IR-24-021 - Vendor Advisory

23 May 2024, 15:52

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de uso de fuente menos confiable [CWE-348] en Fortinet FortiPortal versión 7.0.0 a 7.0.6 y versión 7.2.0 a 7.2.1 permite que un ataque no autenticado evite la protección IP a través de paquetes HTTP o HTTPS manipulados.
CPE		cpe:2.3:a:fortinet:fortiportal:::::::: cpe:2.3:a:fortinet:fortiportal:7.2.1:::::::* cpe:2.3:a:fortinet:fortiportal:7.2.0:::::::*
First Time		Fortinet Fortinet fortiportal
References	~~() https://fortiguard.com/psirt/FG-IR-24-021 -~~	() https://fortiguard.com/psirt/FG-IR-24-021 - Vendor Advisory

14 May 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 17:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-23105

Mitre link : CVE-2024-23105

CVE.ORG link : CVE-2024-23105

JSON object : View

Products Affected

fortinet

fortiportal

CWE

CWE-348

Use of Less Trusted Source

{"id": "CVE-2024-23105", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-05-14T17:15:38.967", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-24-021", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-24-021", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-348"}]}], "descriptions": [{"lang": "en", "value": "A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets."}, {"lang": "es", "value": "Una vulnerabilidad de uso de fuente menos confiable [CWE-348] en Fortinet FortiPortal versi\u00f3n 7.0.0 a 7.0.6 y versi\u00f3n 7.2.0 a 7.2.1 permite que un ataque no autenticado evite la protecci\u00f3n IP a trav\u00e9s de paquetes HTTP o HTTPS manipulados."}], "lastModified": "2024-11-21T08:56:56.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A94FF899-FAEF-4005-9B23-1F44A949AEEC", "versionEndIncluding": "7.0.6", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C7F7D4E-DE62-491A-9C00-EAD2595BF2D7"}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D666A3A5-B094-4A95-8EF6-8CE3E31B48D0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}