CVE-2024-23666

{"id": "CVE-2024-23666", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-11-12T19:15:07.970", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-396", "source": "psirt@fortinet.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-602"}]}], "descriptions": [{"lang": "en", "value": "A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData \r\nat least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests."}, {"lang": "es", "value": "Una aplicaci\u00f3n del lado del cliente de la seguridad del lado del servidor en Fortinet FortiAnalyzer-BigData al menos en las versiones 7.4.0 y 7.2.0 a 7.2.6 y 7.0.1 a 7.0.6 y 6.4.5 a 6.4.7 y 6.2.5, FortiManager versi\u00f3n 7.4.0 a 7.4.1 y 7.2.0 a 7.2.4 y 7.0.0 a 7.0.11 y 6.4.0 a 6.4.14, FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.1 y 7.2.0 a 7.2.4 y 7.0.0 a 7.0.11 y 6.4.0 a 6.4.14 permite a un atacante realizar un control de acceso indebido a trav\u00e9s de solicitudes manipuladas."}], "lastModified": "2024-11-13T17:01:16.850", "sourceIdentifier": "psirt@fortinet.com"}