Vulnerability Details CVE-2024-23663
An improper access control vulnerability in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-23663
- cpe:2.3:h:fortinet:fortiextender:-
- cpe:2.3:o:fortinet:fortiextender_firmware:*
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.1
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.2
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.3
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.4
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.5
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.6
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.7
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.8
- cpe:2.3:o:fortinet:fortiextender_firmware:4.1.9
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.0
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.1
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.2
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.3
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.4
- cpe:2.3:o:fortinet:fortiextender_firmware:4.2.5
- cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2
- cpe:2.3:o:fortinet:fortiextender_firmware:7.0.0
- cpe:2.3:o:fortinet:fortiextender_firmware:7.0.1
- cpe:2.3:o:fortinet:fortiextender_firmware:7.0.2
- cpe:2.3:o:fortinet:fortiextender_firmware:7.0.3
- cpe:2.3:o:fortinet:fortiextender_firmware:7.0.4
- cpe:2.3:o:fortinet:fortiextender_firmware:7.2.0