CVE-2024-33506 Information

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below 7.2.5 and below 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-23-472