Published: 12/03/2024 Updated: 15/03/2024

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 0

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 up to and including 7.4.1, 7.2.0 up to and including 7.2.6, 7.0.1 up to and including 7.0.13, 6.4.7 up to and including 6.4.14, and FortiProxy version 7.4.0 up to and including 7.4.2, 7.2.0 up to and including 7.2.8, 7.0.0 up to and including 7.0.14 SSL-VPN may allow an authenticated malicious user to gain access to another user’s bookmark via URL manipulation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fortinet fortios
fortinet fortiproxy

March Patch Tuesday sees Hyper-V join the guest-host escape club

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet

Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities – none listed as under active attack or already known to the public. We'll hold our judgement until tomorrow to see if Exploit Wednesday lives up to its name. But in the meantime, here's a look at Redmond's security bugs. Two of the latest patches are listed as critical and both affect Windows Hyper-V hypervisor. Oddly, the two critical bugs didn't receive the highest CVSS ratings – but ...

CVE-2024-23112

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect