CVE-2024-23105

EUVD-2024-20630
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
fortinetfortiportal
7.0.0 ≤
𝑥
≤ 7.0.6
fortinetfortiportal
7.2.0
fortinetfortiportal
7.2.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortiportal
7.0.0 ≤
𝑥
≤ 7.0.6
ADP
fortinetfortiportal
7.2.0 ≤
𝑥
≤ 7.2.1
ADP
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-24-021
https://fortiguard.com/psirt/FG-IR-24-021