Project Subscriptions
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-21142 | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. |
Solution
Upgrade to FortiWebManager version 7.4.0 or above Upgrade to FortiWebManager version 7.2.1 or above Upgrade to FortiWebManager version 7.0.5 or above Upgrade to FortiWebManager version 6.3.1 or above Upgrade to FortiWebManager version 6.2.5 or above
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-23-222 |
|
Wed, 08 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. |
| CPEs | cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:* |
|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 14 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2026-07-08T13:03:45.914Z
Reserved: 2024-01-19T08:23:28.613Z
Link: CVE-2024-23669
Updated: 2024-08-01T23:06:25.272Z
Status : Modified
Published: 2024-06-05T08:15:09.537
Modified: 2026-06-17T07:13:21.000
Link: CVE-2024-23669
No data.
OpenCVE Enrichment
No data.
EUVD