Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-23662

CVE-2024-23662: Fortinet FortiOS Info Disclosure Flaw

CVE-2024-23662 is an information disclosure vulnerability in Fortinet FortiOS that exposes sensitive data to unauthorized actors via HTTP requests. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2024-23662 Overview

CVE-2024-23662 is an information disclosure vulnerability affecting multiple versions of Fortinet FortiOS. The flaw allows an unauthenticated remote attacker to obtain sensitive information by sending crafted HTTP requests to vulnerable devices. The issue is tracked under CWE-200: Exposure of Sensitive Information to an Unauthorized Actor and is documented in the FortiGuard Security Advisory FG-IR-23-224.

Critical Impact

An unauthenticated network attacker can retrieve sensitive information from affected FortiOS devices through HTTP requests, with no privileges or user interaction required.

Affected Products

  • Fortinet FortiOS 7.4.0 through 7.4.1
  • Fortinet FortiOS 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15
  • Fortinet FortiOS 6.4.0 through 6.4.15

Discovery Timeline

  • 2024-04-09 - CVE-2024-23662 published to the National Vulnerability Database (NVD)
  • 2024-12-11 - Last updated in NVD database

Technical Details for CVE-2024-23662

Vulnerability Analysis

The vulnerability is an Information Disclosure issue in Fortinet FortiOS classified under [CWE-200]. An unauthorized actor can elicit sensitive data from the device by issuing HTTP requests to an exposed management or service interface. The flaw is network-reachable, requires no authentication, and requires no user interaction, making it trivial to weaponize against internet-facing FortiGate appliances.

The disclosed data category is not enumerated in the advisory, but [CWE-200] commonly covers leakage of configuration data, internal identifiers, session artifacts, or other server-side state. Attackers typically chain such disclosures with subsequent authenticated or protocol-level exploits to escalate impact.

Root Cause

The root cause is improper restriction of sensitive response content within the FortiOS HTTP handling path. The service returns data that should be limited to authenticated or privileged contexts when processing specific HTTP requests. Fortinet has not published exploit-level technical details, instead remediating affected branches through their PSIRT advisory.

Attack Vector

The attack vector is network-based. An attacker reaches the affected HTTP service on the FortiGate device and issues requests that trigger the disclosure. Because the integrity and availability impact is none, this vulnerability is purely confidentiality-affecting and is most useful as a reconnaissance or pre-attack primitive. Refer to the FortiGuard advisory FG-IR-23-224 for vendor guidance.

Detection Methods for CVE-2024-23662

Indicators of Compromise

  • Unexpected HTTP GET or POST requests to FortiOS administrative or service endpoints from untrusted sources.
  • HTTP responses from FortiGate devices containing unusually large payloads or sensitive content correlated with unauthenticated sessions.
  • Repeated probing patterns from a single source IP targeting FortiOS HTTP listeners.

Detection Strategies

  • Inspect FortiGate HTTP/HTTPS access logs for anomalous request paths and unauthenticated traffic to management interfaces.
  • Correlate firewall logs with threat intelligence feeds for known Fortinet scanning infrastructure.
  • Deploy network IDS signatures targeting reconnaissance patterns against FortiOS service endpoints.

Monitoring Recommendations

  • Forward FortiOS event and traffic logs to a centralized SIEM for retention and correlation against historical baselines.
  • Alert on any administrative interface access originating from outside approved management networks.
  • Track FortiOS firmware version inventory continuously to confirm patched builds remain deployed.

How to Mitigate CVE-2024-23662

Immediate Actions Required

  • Identify all FortiGate devices and inventory the running FortiOS version against the affected ranges above.
  • Restrict access to FortiOS administrative HTTP and HTTPS interfaces to trusted management networks only.
  • Apply the fixed FortiOS releases referenced in the FortiGuard advisory FG-IR-23-224 as soon as a maintenance window permits.

Patch Information

Fortinet has released fixed builds for affected FortiOS branches. Consult the FortiGuard Security Advisory FG-IR-23-224 for the exact fixed version corresponding to each branch (7.4.x, 7.2.x, 7.0.x, and 6.4.x) and upgrade paths.

Workarounds

  • Disable HTTP/HTTPS administrative access on untrusted interfaces using config system interface and removing http and https from allowaccess.
  • Enforce trusted-host restrictions on administrative accounts via config system admin to limit source IPs.
  • Place FortiGate management interfaces behind a VPN or jump host until patching is complete.
bash
# Configuration example: restrict admin HTTP/HTTPS access on a WAN interface
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# Restrict admin source IPs via trusted hosts
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.