vulnerability
Fortinet FortiAnalyzer: Client-Side Enforcement of Server-Side Security (CVE-2024-23666)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | Nov 12, 2024 | Jan 24, 2025 | Apr 7, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
Nov 12, 2024
Added
Jan 24, 2025
Modified
Apr 7, 2026
Description
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData
at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
Solutions
fortinet-fortianalyzer-upgrade-6_4_15fortinet-fortianalyzer-upgrade-7_0_13fortinet-fortianalyzer-upgrade-7_2_6fortinet-fortianalyzer-upgrade-7_4_3
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.