CVERadar

CVE-2024-23666

Severity: Medium
Vendor: Fortinet
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.02944/1

CVE-2024-23666 is a critical improper access control vulnerability affecting Fortinet FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData. The affected products rely on the client to enforce security checks that belong on the server, so an attacker can bypass access controls with specially crafted requests. While the CVSS score of 8.8 indicates high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower immediate risk than vulnerabilities scoring above 80. However, the "Exploit Available" tag signals heightened risk: a public exploit exists, which lowers the effort needed to exploit the flaw. Organizations running affected versions of these Fortinet products should prioritize patching to prevent unauthorized access to sensitive data and system compromise. Despite the lower SVRS, the public exploit significantly raises the threat level and calls for prompt remediation.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-11-12

2025-01-21

SOCRadar AI Insight

Description

CVE-2024-23666 affects multiple Fortinet products, including FortiAnalyzer-BigData, FortiManager, and FortiAnalyzer. The vulnerability stems from client-side enforcement of server-side security: the server relies on checks performed by the client, so an attacker can bypass access controls with crafted requests. Successful exploitation could allow attackers to gain unauthorized access to sensitive data or even execute malicious code. While the CVSS score is 7.5, the SVRS score is 30, indicating a moderate risk. However, the vulnerability being "In The Wild" increases the urgency, as attackers are actively exploiting it.

Key Insights

  • Active Exploitation: This vulnerability is being actively exploited by hackers in the wild. This signifies a high level of threat and immediate action is necessary.
  • Multiple Products Affected: The vulnerability affects a range of Fortinet products, including FortiAnalyzer-BigData, FortiManager, and FortiAnalyzer across multiple versions, highlighting a widespread impact.
  • Potential for Data Breaches: Successful exploitation of this vulnerability could grant attackers unauthorized access to sensitive data.
  • CWE-602: The vulnerability is classified as CWE-602: "Weak or Missing Access Control", emphasizing the potential for access control bypass.

Mitigation Strategies

  • Patching: Apply the latest security patches from Fortinet to all affected devices. This is the most effective way to mitigate the vulnerability.
  • Network Segmentation: Implement network segmentation to isolate vulnerable devices from critical systems.
  • Intrusion Detection/Prevention Systems: Implement intrusion detection/prevention systems (IDS/IPS) to detect and block malicious traffic targeting the vulnerability.
  • Security Awareness Training: Conduct security awareness training for users to educate them about the risks of phishing and social engineering attacks.

Additional Information

For more information, please contact SOCRadar directly through the 'Ask to Analyst' feature, or open a support ticket if needed.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: synacktiv/CVE-2023-42791_CVE-2024-23666
Link: https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666
Date: 2025-02-12

News

CVE-2024-23666 | Fortinet FortiManager/FortiAnalyzer up to 6.4.14/7.0.11/7.2.4/7.4.1 Requests client-side enforcement of server-side security (FG-IR-23-396)
vuldb.com, 2025-01-22
CVE-2024-23666 | Fortinet FortiManager/FortiAnalyzer up to 6.4.14/7.0.11/7.2.4/7.4.1 Requests client-side enforcement of server-side security (FG-IR-23-396) | A vulnerability, which was classified as critical, has been found in Fortinet FortiManager and FortiAnalyzer up to 6.4.14/7.0.11/7.2.4/7.4.1. Affected by this issue is some unknown functionality of the component Requests Handler. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as
Critical Fortinet Product Flaws That Let Hackers Take Control of The System
Tushar Subhra Dutta, 2024-11-13
Critical Fortinet Product Flaws That Let Hackers Take Control of The System | Fortinet has released critical security updates to address multiple product vulnerabilities, including FortiOS, FortiAnalyzer, FortiManager, and FortiClient Windows. If left unpatched, these flaws could allow attackers to take control of affected systems. One of the most severe vulnerabilities, tracked as CVE-2024-47575, affects FortiManager and has been actively exploited in the wild. With a CVSS score […]
cybersecuritynews.com

Social Media

In 2024, Fortinet deployed several patches for CVE-2023-42791 and CVE-2024-23666, discovered by @Aeinot_, Paul Barbé and @loadlow. These vulnerabilities allow, from read-only access to a FortiManager, to execute code as root and thus take control of all managed FortiGates.
CVE-2024-23666 A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiMa... https://t.co/sOZv1IvMwn

Affected Software

Configuration 1

Type | Vendor | Product
App | Fortinet | fortianalyzer
App | Fortinet | fortimanager
App | Fortinet | fortianalyzer_big_data

References

Reference | Link
[email protected] | https://fortiguard.fortinet.com/psirt/FG-IR-23-396

CWE Details

CWE ID | CWE Name | Description
CWE-602 | Client-Side Enforcement of Server-Side Security | The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
