cvelistv5 - cve-2024-32124

CVE-2024-32124 (GCVE-0-2024-32124)

Vulnerability from cvelistv5

Published

2025-07-18 08:08

Modified

2025-07-18 13:45

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U

CWE

CWE-284 - Improper access control

Summary

An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.

References

URL

Tags

psirt@fortinet.com

https://fortiguard.fortinet.com/psirt/FG-IR-24-045

Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	FortiIsolator	Version: 2.4.3 ≤ 2.4.4 Version: 2.3.0 ≤ 2.3.4 cpe:2.3:a:fortinet:fortiisolator:2.4.4:::::::* cpe:2.3:a:fortinet:fortiisolator:2.4.3:::::::* cpe:2.3:a:fortinet:fortiisolator:2.3.4:::::::* cpe:2.3:a:fortinet:fortiisolator:2.3.3:::::::* cpe:2.3:a:fortinet:fortiisolator:2.3.2:::::::* cpe:2.3:a:fortinet:fortiisolator:2.3.1:::::::* cpe:2.3:a:fortinet:fortiisolator:2.3.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T13:45:16.553405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T13:45:22.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiIsolator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4",
              "status": "affected",
              "version": "2.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.3.4",
              "status": "affected",
              "version": "2.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T08:08:21.544Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiIsolator version 2.4.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-32124",
    "datePublished": "2025-07-18T08:08:21.544Z",
    "dateReserved": "2024-04-11T12:09:46.571Z",
    "dateUpdated": "2025-07-18T13:45:22.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-32124\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-07-18T08:15:26.890\",\"lastModified\":\"2025-07-22T17:08:39.680\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inadecuado [CWE-284] en el componente de registro de FortiIsolator versi\u00f3n 2.4.4, versi\u00f3n 2.4.3, 2.3 y todas las versiones puede permitir que un atacante remoto autenticado de solo lectura altere los registros a trav\u00e9s de una solicitud HTTP manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.3.4\",\"matchCriteriaId\":\"23294BAD-8A68-41FF-9C58-B525D8732B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.3\",\"versionEndExcluding\":\"2.4.5\",\"matchCriteriaId\":\"5333357F-9C1C-4122-A146-2181665A3B17\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-045\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32124\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-18T13:45:16.553405Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-18T13:45:19.818Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiIsolator\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.4\"}, {\"status\": \"affected\", \"version\": \"2.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.3.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiIsolator version 2.4.5 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-045\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-045\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-07-18T08:08:21.544Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-32124\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-18T13:45:22.747Z\", \"dateReserved\": \"2024-04-11T12:09:46.571Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-07-18T08:08:21.544Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2024-32124

Vulnerability from fkie_nvd

Published

2025-07-18 08:15

Modified

2025-07-22 17:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-045	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortiisolator	*
	fortinet	fortiisolator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23294BAD-8A68-41FF-9C58-B525D8732B03",
              "versionEndIncluding": "2.3.4",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5333357F-9C1C-4122-A146-2181665A3B17",
              "versionEndExcluding": "2.4.5",
              "versionStartIncluding": "2.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en el componente de registro de FortiIsolator versi\u00f3n 2.4.4, versi\u00f3n 2.4.3, 2.3 y todas las versiones puede permitir que un atacante remoto autenticado de solo lectura altere los registros a trav\u00e9s de una solicitud HTTP manipulada."
    }
  ],
  "id": "CVE-2024-32124",
  "lastModified": "2025-07-22T17:08:39.680",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-18T08:15:26.890",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0575

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.4.7
Fortinet	FortiOS	FortiOS versions 7.2.x et antérieures à 7.2.12
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.2.7
Fortinet	FortiManager	FortiManager versions antérieures à 7.6.2
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiOS	FortiOS versions antérieures à 7.2.11
Fortinet	FortiIsolator	FortiIsolator versions antérieures à 2.4.5
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.7
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.8
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiProxy	FortiProxy versions 7.x antérieures à 7.4.9
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-511	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-026	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-035	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-151	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-045	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-437	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-250	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-053	2025-07-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x et ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52965"
    },
    {
      "name": "CVE-2025-25257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25257"
    },
    {
      "name": "CVE-2025-24474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24474"
    },
    {
      "name": "CVE-2024-32124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32124"
    },
    {
      "name": "CVE-2024-55599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55599"
    },
    {
      "name": "CVE-2025-24477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24477"
    },
    {
      "name": "CVE-2024-27779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27779"
    },
    {
      "name": "CVE-2025-47856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47856"
    }
  ],
  "initial_release_date": "2025-07-09T00:00:00",
  "last_revision_date": "2025-07-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-511",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-511"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-026",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-026"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-035",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-035"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-151",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-151"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-045",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-045"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-437",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-437"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-250"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-053",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-053"
    }
  ]
}

cnvd-2025-16957

Vulnerability from cnvd

Title

Fortinet FortiIsolator访问控制错误漏洞

Description

Fortinet FortiIsolator是美国飞塔（Fortinet）公司的一个为浏览器提供远程安全隔离功能的应用。该应用为Fortinet Security Fabric添加了额外的高级威胁防护功能，并保护关键业务数据免受网络上复杂威胁的侵害。来自Web的内容和文件在远程容器中访问，然后将无风险的内容呈现给用户。 Fortinet FortiIsolator存在访问控制错误漏洞，该漏洞源于日志组件访问控制不当，攻击者可利用该漏洞通过特制HTTP请求修改日志。

Severity

中

Patch Name

Fortinet FortiIsolator访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://fortiguard.fortinet.com/psirt/FG-IR-24-045

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-32124

Impacted products

Name
['Fortinet FortiIsolator >=2.3.0，<=2.3.4', 'Fortinet FortiIsolator >=2.4.3，<=2.4.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-32124",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-32124"
    }
  },
  "description": "Fortinet FortiIsolator\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e3a\u6d4f\u89c8\u5668\u63d0\u4f9b\u8fdc\u7a0b\u5b89\u5168\u9694\u79bb\u529f\u80fd\u7684\u5e94\u7528\u3002\u8be5\u5e94\u7528\u4e3aFortinet Security Fabric\u6dfb\u52a0\u4e86\u989d\u5916\u7684\u9ad8\u7ea7\u5a01\u80c1\u9632\u62a4\u529f\u80fd\uff0c\u5e76\u4fdd\u62a4\u5173\u952e\u4e1a\u52a1\u6570\u636e\u514d\u53d7\u7f51\u7edc\u4e0a\u590d\u6742\u5a01\u80c1\u7684\u4fb5\u5bb3\u3002\u6765\u81eaWeb\u7684\u5185\u5bb9\u548c\u6587\u4ef6\u5728\u8fdc\u7a0b\u5bb9\u5668\u4e2d\u8bbf\u95ee\uff0c\u7136\u540e\u5c06\u65e0\u98ce\u9669\u7684\u5185\u5bb9\u5448\u73b0\u7ed9\u7528\u6237\u3002\n\nFortinet FortiIsolator\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u65e5\u5fd7\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236HTTP\u8bf7\u6c42\u4fee\u6539\u65e5\u5fd7\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-045",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-16957",
  "openTime": "2025-07-25",
  "patchDescription": "Fortinet FortiIsolator\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u4e3a\u6d4f\u89c8\u5668\u63d0\u4f9b\u8fdc\u7a0b\u5b89\u5168\u9694\u79bb\u529f\u80fd\u7684\u5e94\u7528\u3002\u8be5\u5e94\u7528\u4e3aFortinet Security Fabric\u6dfb\u52a0\u4e86\u989d\u5916\u7684\u9ad8\u7ea7\u5a01\u80c1\u9632\u62a4\u529f\u80fd\uff0c\u5e76\u4fdd\u62a4\u5173\u952e\u4e1a\u52a1\u6570\u636e\u514d\u53d7\u7f51\u7edc\u4e0a\u590d\u6742\u5a01\u80c1\u7684\u4fb5\u5bb3\u3002\u6765\u81eaWeb\u7684\u5185\u5bb9\u548c\u6587\u4ef6\u5728\u8fdc\u7a0b\u5bb9\u5668\u4e2d\u8bbf\u95ee\uff0c\u7136\u540e\u5c06\u65e0\u98ce\u9669\u7684\u5185\u5bb9\u5448\u73b0\u7ed9\u7528\u6237\u3002\r\n\r\nFortinet FortiIsolator\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u65e5\u5fd7\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236HTTP\u8bf7\u6c42\u4fee\u6539\u65e5\u5fd7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiIsolator\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiIsolator \u003e=2.3.0\uff0c\u003c=2.3.4",
      "Fortinet FortiIsolator \u003e=2.4.3\uff0c\u003c=2.4.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-32124",
  "serverity": "\u4e2d",
  "submitTime": "2025-07-25",
  "title": "Fortinet FortiIsolator\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

gsd-2024-32124

Vulnerability from gsd

Modified

2024-04-12 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-32124

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-32124"
      ],
      "id": "GSD-2024-32124",
      "modified": "2024-04-12T05:02:22.133313Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-32124",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

ghsa-q3ww-hc8h-pvwj

Vulnerability from github

Published

2025-07-18 09:30

Modified

2025-07-18 09:30

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-32124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-18T08:15:26Z",
    "severity": "MODERATE"
  },
  "details": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.",
  "id": "GHSA-q3ww-hc8h-pvwj",
  "modified": "2025-07-18T09:30:31Z",
  "published": "2025-07-18T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32124"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-32124 (GCVE-0-2024-32124)

Vulnerability from cvelistv5

fkie_cve-2024-32124

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0575

Vulnerability from certfr_avis

Solutions

cnvd-2025-16957

Vulnerability from cnvd

gsd-2024-32124

Vulnerability from gsd

ghsa-q3ww-hc8h-pvwj

Vulnerability from github

Tags

Sightings

Nomenclature