FortiPortal 7.0.07.0.6, 7.2.07.2.1 IP Bypass via Crafted HTTP/HTTPS (CWE348)
CVE-2024-23105 Published on May 14, 2024
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
Vulnerability Analysis
CVE-2024-23105 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Use of Less Trusted Source
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Products Associated with CVE-2024-23105
Want to know whenever a new CVE is published for Fortinet Fortiportal? stack.watch will email you.
Affected Versions
Fortinet FortiPortal:- Version 7.2.0, <= 7.2.1 is affected.
- Version 7.0.0, <= 7.0.6 is affected.
- Version 7.0.0, <= 7.0.6 is affected.
- Version 7.2.0, <= 7.2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.