Fortinet FortiWeb up to 7.6.0 Log Access Event Page information expsure

Summaryinfo

A vulnerability classified as problematic has been found in Fortinet FortiWeb up to 6.3.23/7.0.10/7.2.10/7.4.3/7.6.0. This impacts an unknown function of the component Log Access Event Page. This manipulation causes information expsure. This vulnerability is tracked as CVE-2024-36509. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Fortinet FortiWeb up to 6.3.23/7.0.10/7.2.10/7.4.3/7.6.0. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component Log Access Event Page. The manipulation with an unknown input leads to a information expsure vulnerability. The CWE definition for the vulnerability is CWE-497. The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. As an impact it is known to affect confidentiality. The summary by CVE is:

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

It is possible to read the advisory at fortiguard.fortinet.com. This vulnerability is known as CVE-2024-36509 since 05/29/2024. The exploitation appears to be easy. The attack can be launched remotely. Additional levels of successful authentication are required for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

The vulnerability scanner Nessus provides a plugin with the ID 210870 (Fortinet FortiWeb Exposure of password hashes to read-only admin (FG-IR-24-180)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (210870). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Fortinet

Name

• FortiWeb

Version

• 6.3.0
• 6.3.1
• 6.3.2
• 6.3.3
• 6.3.4
• 6.3.5
• 6.3.6
• 6.3.7
• 6.3.8
• 6.3.9
• 6.3.10
• 6.3.11
• 6.3.12
• 6.3.13
• 6.3.14
• 6.3.15
• 6.3.16
• 6.3.17
• 6.3.18
• 6.3.19
• 6.3.20
• 6.3.21
• 6.3.22
• 6.3.23
• 7.0
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.1
• 7.2
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.5
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.9
• 7.2.10
• 7.3
• 7.4
• 7.4.0
• 7.4.1
• 7.4.2
• 7.4.3
• 7.5
• 7.6.0

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion