CVE-2024-33510 LOW

Vendor: Fortinet
Product: FortiOS
Weakness: CWE-358
Published: November 12, 2024
Last update: November 13, 2024

CVSS base score

3.6/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:R

What the vulnerability does

01 Description

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.

Key dates

02 Disclosure timeline

November 12, 2024: CVE published
November 13, 2024: Record updated