CVE-2024-23663 | FortiExtender - Web UI Operational Intel

Executive Risk Summary

"An improper access control vulnerability in Fortinet FortiExtender allows an attacker to create users with elevated privileges via a crafted HTTP request, potentially leading to unauthorized access and data breaches. Affected versions include FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4, and 7.4.0 - 7.4.2."

Operational Audit Arsenal

Target Type Firmware Image

Target Asset FortiExtender Firmware

Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

FortiExtender vulnerability CVE-2024-23663: Improper access control allows attackers to create users with elevated privileges. Verify version and apply patch if necessary.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.com/psirt/FG-IR-23-459

Scope of Impact

Fortinet FortiextenderFortinet Fortiextender FirmwareFortinet Fortiextender Firmware (Version 5.3.2)

Original NVD Description

"An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API

CVE-2024-23109 CVSS 10

FortiGate - API

CVE-2023-34992 CVSS 10

FortiGate - API

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.