What the vulnerability does
01Description
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X
Key dates
02Disclosure timeline
October 10, 2023
CVE published
September 18, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-36351 IBM License Metric Tool bypass security
CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability
CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.
CVE-2023-0916 SourceCodester Auto Dealer Management System Users.php access control
CVE-2024-32045 Playbook run link to private channel grants channel access
