www.cvedetails.com
2606:4700:4400::6812:2056  Public Scan

Submitted URL: http://cvedetails.com/cve/CVE-2024-23110/?q=CVE-2024-23110
Effective URL: https://www.cvedetails.com/cve/CVE-2024-23110/?q=CVE-2024-23110
Submission: On June 13 via api from DE — Scanned from DE

Form analysis 1 forms found in the DOM

Name: vulnautocompletesearchform (GET /google-search-results.php)

<form class="form w-100" action="/google-search-results.php" method="get" onsubmit="return onvulnautocompletesearchformsubmit()" name="vulnautocompletesearchform" id="vulnautocompletesearchform">
  <div id="unifiedsearchbox" class="w-100">
    <div class="input-group">
      <span class="input-group-text bg-white" id="unified-search-icon"><i class="fas fa-search"></i></span>
      <input class="form-control border-start-0 ui-autocomplete-input" id="unifiedsearchinput" name="q" aria-label="Search" aria-describedby="unified-search-icon" placeholder="CVE id, product, vendor..." autocomplete="off">
      <input class="btn btn-primary" type="submit" value="Search">
    </div>
  </div>
</form>

Text Content




VULNERABILITY DETAILS : CVE-2024-23110


A stack-based buffer overflow in Fortinet FortiOS versions 7.4.0 through 7.4.2,
7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through
6.2.15, and 6.0 all versions allows an attacker to execute unauthorized code or
commands via specially crafted commands.
Published 2024-06-11 15:16:04
Updated 2024-06-13 18:36:45
Source Fortinet, Inc.
Vulnerability category: Overflow


EXPLOIT PREDICTION SCORING SYSTEM (EPSS) SCORE FOR CVE-2024-23110

EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~9% (the proportion of vulnerabilities that are scored at or less)


CVSS SCORES FOR CVE-2024-23110

Base Score: 7.8
Base Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability Score: 1.8
Impact Score: 5.9
Score Source: Fortinet, Inc.
First Seen: 2024-06-11
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High


CWE IDS FOR CVE-2024-23110

 * CWE-121 Stack-based Buffer Overflow
   A stack-based buffer overflow condition is a condition where the buffer being
   overwritten is allocated on the stack (i.e., is a local variable or, rarely,
   a parameter to a function).
   Assigned by: psirt@fortinet.com (Primary)


REFERENCES FOR CVE-2024-23110

 * https://fortiguard.com/psirt/FG-IR-23-460
   PSIRT | FortiGuard Labs
   
   
