{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-23669","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2024-01-19T08:23:28.613Z","datePublished":"2024-06-05T07:45:35.018Z","dateUpdated":"2026-07-08T13:03:45.914Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiWebManager","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"7.2.0","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.4","status":"affected"},{"version":"6.3.0","status":"affected"},{"versionType":"semver","version":"6.2.3","lessThanOrEqual":"6.2.4","status":"affected"},{"version":"6.0.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-07-08T13:03:45.914Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:X"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiWebManager version 7.4.0 or above\nUpgrade to FortiWebManager version 7.2.1 or above\nUpgrade to FortiWebManager version 7.0.5 or above\nUpgrade to FortiWebManager version 6.3.1 or above\nUpgrade to FortiWebManager version 6.2.5 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222"}]},"adp":[{"affected":[{"vendor":"fortinet","product":"fortiweb_manager","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","status":"affected","lessThanOrEqual":"7.0.4","versionType":"semver"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","status":"affected","lessThanOrEqual":"6.2.4","versionType":"semver"},{"version":"6.0.2","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-05T14:06:39.473309Z","id":"CVE-2024-23669","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-05T14:11:01.521Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T23:06:25.272Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","tags":["x_transferred"]}]}]}}