← Volver a CVEs
CVE-2024-36509
MEDIUM4.2
Descripcion
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
Detalles CVE
Puntuacion CVSS v3.14.2
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado11/12/2024
Ultima modificacion11/14/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
fortinet:fortiweb
Debilidades (CWE)
CWE-497
Referencias
https://fortiguard.fortinet.com/psirt/FG-IR-24-180(psirt@fortinet.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.