{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23662", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-01-19T08:23:28.612Z", "datePublished": "2024-04-09T14:24:18.538Z", "dateUpdated": "2024-08-22T19:58:33.041Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.15", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.15", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-04-09T14:24:18.538Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-224", "url": "https://fortiguard.com/psirt/FG-IR-23-224"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.270Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-224", "url": "https://fortiguard.com/psirt/FG-IR-23-224", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "custom"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.5", "versionType": "custom"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.15", "versionType": "custom"}, {"version": "6.4.0", "status": "affected", "lessThanOrEqual": "6.4.15", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-09T19:58:39.327704Z", "id": "CVE-2024-23662", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T19:58:33.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-224", "name": "https://fortiguard.com/psirt/FG-IR-23-224", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23662", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T19:58:39.327704Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortios", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "custom", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.15"}, {"status": "affected", "version": "6.4.0", "versionType": "custom", "lessThanOrEqual": "6.4.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T19:58:27.338Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.15"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-224", "name": "https://fortiguard.com/psirt/FG-IR-23-224"}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-04-09T14:24:18.538Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23662", "state": "PUBLISHED", "dateUpdated": "2024-08-22T19:58:33.041Z", "dateReserved": "2024-01-19T08:23:28.612Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-04-09T14:24:18.538Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "C84C7A2F-EE15-4CAA-BC3F-A7FDD8A4574F", "versionEndExcluding": "7.2.6", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Fortinet FortiOS al menos en la versi\u00f3n 7.4.0 a 7.4.1 y 7.2.0 a 7.2.5 y 7.0.0 a 7.0.15 y 6.4.0 a 6.4.15 permite al atacante a la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de solicitudes HTTP."}], "id": "CVE-2024-23662", "lastModified": "2024-12-11T19:11:44.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-09T15:15:31.370", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-224"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}