CVE-2024-23664 MEDIUM

CVE-2024-23664

Vendor Fortinet
Product FortiAuthenticator
Weakness CWE-601 · Open redirect
Published June 3, 2024
Last update August 1, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Key dates

02Disclosure timeline

June 3, 2024 CVE published
August 1, 2024 Record updated