CVE-2024-23104

medium

Fortinet

CVSS v3 Base Score

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Score

0.1%

Exploitation probability in 30 days

Top 83% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

None

Published: April 14, 2026 (29 days ago)

Last Modified: April 20, 2026

Vendor: Fortinet

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests

CWE

CWE-200

Affected Products

fortinet fortivoicefortinet fortindr

References

🔗 fortiguard.fortinet.com

CVE-2024-23104

Vulnerability Report

Description

CWE

Affected Products

References