CVE-2024-23663 Information

Description

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9 4.2.0 - 4.2.6 5.3.2 7.0.0 - 7.0.4 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.

Reference

https://fortiguard.com/psirt/FG-IR-23-459