Vulnerability Details CVE-2024-23104
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2024-23104
-
cpe:2.3:a:fortinet:fortindr:7.0.0
-
cpe:2.3:a:fortinet:fortindr:7.0.1
-
cpe:2.3:a:fortinet:fortindr:7.0.2
-
cpe:2.3:a:fortinet:fortindr:7.0.3
-
cpe:2.3:a:fortinet:fortindr:7.0.4
-
cpe:2.3:a:fortinet:fortindr:7.0.5
-
cpe:2.3:a:fortinet:fortindr:7.0.6
-
cpe:2.3:a:fortinet:fortindr:7.0.7
-
cpe:2.3:a:fortinet:fortindr:7.1.0
-
cpe:2.3:a:fortinet:fortindr:7.1.1
-
cpe:2.3:a:fortinet:fortindr:7.1.2
-
cpe:2.3:a:fortinet:fortindr:7.2.0
-
cpe:2.3:a:fortinet:fortindr:7.2.1
-
cpe:2.3:a:fortinet:fortindr:7.2.2
-
cpe:2.3:a:fortinet:fortindr:7.2.3
-
cpe:2.3:a:fortinet:fortindr:7.2.4
-
cpe:2.3:a:fortinet:fortindr:7.2.5
-
cpe:2.3:a:fortinet:fortindr:7.4.0
-
cpe:2.3:a:fortinet:fortindr:7.4.1
-
cpe:2.3:a:fortinet:fortindr:7.4.2
-
cpe:2.3:a:fortinet:fortindr:7.4.3
-
cpe:2.3:a:fortinet:fortindr:7.4.4
-
cpe:2.3:a:fortinet:fortindr:7.4.5
-
cpe:2.3:a:fortinet:fortindr:7.4.6
-
cpe:2.3:a:fortinet:fortindr:7.4.7
-
cpe:2.3:a:fortinet:fortindr:7.4.8
-
cpe:2.3:a:fortinet:fortindr:7.6.0
-
cpe:2.3:a:fortinet:fortivoice:7.0.0
-
cpe:2.3:a:fortinet:fortivoice:7.0.1