An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CPEs cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X'}

cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:X'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00154}

epss

{'score': 0.00258}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-06-05T07:45:35.018Z

Updated: 2026-07-08T13:03:45.914Z

Reserved: 2024-01-19T08:23:28.613Z

Link: CVE-2024-23669

cve-icon Vulnrichment

Updated: 2024-08-01T23:06:25.272Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T08:15:09.537

Modified: 2026-06-17T07:13:21.000

Link: CVE-2024-23669

cve-icon Redhat

No data.