{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:10:26.689","vulnerabilities":[{"cve":{"id":"CVE-2024-23112","sourceIdentifier":"psirt@fortinet.com","published":"2024-03-12T15:15:49.090","lastModified":"2024-11-21T08:56:57.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation."},{"lang":"es","value":"Una omisión de autorización a través de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiOS versión 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.1 a 7.0.13, 6.4.7 a 6.4.14, y FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14 SSL-VPN puede permitir que un atacante autenticado obtenga acceso al marcador de otro usuario mediante manipulación de URL."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.14","matchCriteriaId":"94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.8","matchCriteriaId":"406F8C48-85CE-46AF-BE5C-0ED9E3E16A39"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndIncluding":"7.4.2","matchCriteriaId":"A8DD8789-6485-49E6-92D3-74004D9B6E9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.7","versionEndIncluding":"6.4.14","matchCriteriaId":"4841D40B-DA6E-4B4A-A698-8E23B3E40101"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndIncluding":"7.0.13","matchCriteriaId":"40193C91-DAF4-4A0D-9AA7-0D4DDE964488"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.6","matchCriteriaId":"24D09A92-81EC-4003-B017-C67FC739EEBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndIncluding":"7.4.1","matchCriteriaId":"2E2A5347-D536-4D43-A163-5B5A3AFE742C"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-24-013","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-24-013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}