← Voltar para CVEs
CVE-2024-36509
MEDIUM4.2
Descricao
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
Detalhes CVE
Pontuacao CVSS v3.14.2
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado11/12/2024
Ultima modificacao11/14/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
fortinet:fortiweb
Fraquezas (CWE)
CWE-497
Referencias
https://fortiguard.fortinet.com/psirt/FG-IR-24-180(psirt@fortinet.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.