SecuriTricks - CVE-2024-23104

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

Product(s) Impacted

Vendor	Product	Versions
Fortinet	Fortindr Fortivoice	7.6.0, 7.4.0-7.4.8, 7.2, 7.1, 7.0 7.0.0-7.0.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fortinet	fortindr	7.6.0	/	/	/	/	/	/	/
a	fortinet	fortindr	7.4.0-7.4.8	/	/	/	/	/	/	/
a	fortinet	fortindr	7.2	/	/	/	/	/	/	/
a	fortinet	fortindr	7.1	/	/	/	/	/	/	/
a	fortinet	fortindr	7.0	/	/	/	/	/	/	/
a	fortinet	fortivoice	7.0.0-7.0.1	/	/	/	/	/	/	/

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-124

CVSS Score

5.4 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

View Vector String

Timeline

Published: April 14, 2026, 4:16 p.m.
Last Modified: April 14, 2026, 4:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2024-23104