Description
An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
Published: 2024-06-05
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Upgrade to FortiWebManager version 7.4.0 or above Upgrade to FortiWebManager version 7.2.1 or above Upgrade to FortiWebManager version 7.0.5 or above Upgrade to FortiWebManager version 6.3.1 or above Upgrade to FortiWebManager version 6.2.5 or above

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-21142 An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CPEs cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X'}

cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:X'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00154}

epss

{'score': 0.00258}


Subscriptions

Fortinet Fortiweb Manager Fortiwebmanager
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-08T13:03:45.914Z

Reserved: 2024-01-19T08:23:28.613Z

Link: CVE-2024-23669

cve-icon Vulnrichment

Updated: 2024-08-01T23:06:25.272Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T08:15:09.537

Modified: 2026-06-17T07:13:21.000

Link: CVE-2024-23669

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses