What is CVE-2024-23664?

CVE-2024-23664 is a medium-severity vulnerability in Fortinet Fortiauthenticator, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 5.8/10. Published 2024-06-03.

How severe is CVE-2024-23664?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Open Redirect in Fortinet Fortiauthenticator

CVE-2024-23664

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Vulnerability class: Open Redirect

EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C.

Affected products

Fortinet Fortiauthenticator — versions 6.6.0, 6.5.0, 6.4.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-465

Frequently asked questions

What is CVE-2024-23664?: CVE-2024-23664 is a medium-severity vulnerability in Fortinet Fortiauthenticator, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 5.8/10. Published 2024-06-03.
How severe is CVE-2024-23664?: Medium severity. CVSS v3 base score is 5.8 out of 10.