{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23670", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-01-19T08:23:28.613Z", "datePublished": "2024-06-03T09:48:12.424Z", "dateUpdated": "2024-08-01T23:06:25.445Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiWebManager", "defaultStatus": "unaffected", "versions": [{"version": "7.2.0", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.4", "status": "affected"}, {"version": "6.3.0", "status": "affected"}, {"versionType": "semver", "version": "6.2.3", "lessThanOrEqual": "6.2.4", "status": "affected"}, {"version": "6.0.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-06-03T09:48:12.424Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-285", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiWebManager version 7.4.0 or above \nPlease upgrade to FortiWebManager version 7.2.1 or above \nPlease upgrade to FortiWebManager version 7.0.5 or above \nPlease upgrade to FortiWebManager version 6.3.1 or above \nPlease upgrade to FortiWebManager version 6.2.5 or above \n"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T16:51:43.637231Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "7.2.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.3.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.2.3", "versionType": "custom", "lessThanOrEqual": "6.2.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.0.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:45.944Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.445Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.445Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T16:51:43.637231Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "7.2.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.3.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.2.3", "versionType": "custom", "lessThanOrEqual": "6.2.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiweb_manager", "versions": [{"status": "affected", "version": "6.0.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T16:51:34.236Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiWebManager", "versions": [{"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.4"}, {"status": "affected", "version": "6.3.0"}, {"status": "affected", "version": "6.2.3", "versionType": "semver", "lessThanOrEqual": "6.2.4"}, {"status": "affected", "version": "6.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiWebManager version 7.4.0 or above \nPlease upgrade to FortiWebManager version 7.2.1 or above \nPlease upgrade to FortiWebManager version 7.0.5 or above \nPlease upgrade to FortiWebManager version 6.3.1 or above \nPlease upgrade to FortiWebManager version 6.2.5 or above \n"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222"}], "descriptions": [{"lang": "en", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-06-03T09:48:12.424Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23670", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:25.445Z", "dateReserved": "2024-01-19T08:23:28.613Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-06-03T09:48:12.424Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C00F44FF-9533-4354-9060-A74E8F43E747", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "403F07C3-8D48-4403-B9EE-0076F8639CB1", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A921BEEB-D912-471E-8176-8804F5CD5118", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C7475A8-52EB-413E-A196-6F43137B545F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}, {"lang": "es", "value": "Una autorizaci\u00f3n inadecuada en Fortinet FortiWebManager versi\u00f3n 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP o CLI."}], "id": "CVE-2024-23670", "lastModified": "2024-12-17T16:35:25.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-03T10:15:13.523", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-222"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}