CVE-2024-23668
HIGHCVSS v3.1: 8.8 · EPSS: 0.0065 (46.8 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 8.8 v3.1 · NVD
- EPSS
- 0.0065 (46.8 percentile) · FIRST.org
- CISA KEV
- No
- Type
- Improper Input Validation · NVD CWE
- Attack conditions (CVSS vector)
- NetworkNo user interaction · Source: NVD Vector
- Affected vendors
- fortinet
- Published
- 2024-06-03 · Modified: 2026-07-08
- References
- Jump to references (1)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.