{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-23104", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-01-11T16:29:07.978Z", "datePublished": "2026-04-14T15:38:18.540Z", "dateUpdated": "2026-04-14T16:46:15.501Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiVoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiNDR", "cpes": ["cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.6.0", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.8", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.1.0", "lessThanOrEqual": "7.1.1", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:18.540Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.9 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:25:58.464987Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:46:15.501Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:25:58.464987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:37:12.718Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiVoice", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.1"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiNDR", "versions": [{"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.8"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.1"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.9 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:18.540Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23104", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:46:15.501Z", "dateReserved": "2024-01-11T16:29:07.978Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:18.540Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"}], "id": "CVE-2024-23104", "lastModified": "2026-04-14T16:16:28.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:28.723", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.2.0,7.2.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.1.0,7.1.1]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.0.7]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiNDR", "source": "cna", "vendor": "Fortinet"}, "product": "fortindr", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.0.1]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiVoice", "source": "cna", "vendor": "Fortinet"}, "product": "fortivoice", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:40:19.627253+00:00", "value": {"mitigation_remediation": ["Upgrade FortiVoice to version 7.0.2 or later", "Upgrade FortiVoice to version 6.4.9 or later (for older product line)", "Upgrade FortiNDR to version 7.6.1 or later", "Upgrade FortiNDR to version 7.4.9 or later (for older product line)"], "summary": {"action": "Immediate Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "The affected products are Fortinet FortiNDR across multiple major releases, namely 7.0.0 through 7.6.0, and all intermediate versions, as well as FortiVoice 7.0.0 and 7.0.1. These devices run on the Fortinet platform and provide network detection and voice services, respectively. Any deployment of these products that has not yet upgraded to the specified patches is susceptible to the described issue.", "description_and_impact": "An authentication-based vulnerability permits a remote attacker to retrieve confidential backup data by sending specially crafted HTTP requests. The flaw allows exposure of sensitive information without providing the attacker with additional privileges beyond those granted by standard read-only maintenance access. The vulnerability is identified as a typical information disclosure flaw, typically classified under CWE-200, which can lead to unauthorized data exposure and potential compromise of operational secrets.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate risk level. Although no EPSS score is published, the vulnerability requires authenticated access with read\u2011only permissions, which means the attack surface is limited to users with legitimate system maintenance roles. The lack of a listing in the CISA KEV catalog suggests there is no active exploitation noticed in the wild yet. Nonetheless, the potential impact on confidentiality warrants prompt remediation. The attacker would need to authenticate to the system, then forge HTTP requests to extract backup material, which could contain sensitive logs or configuration data."}}}}, "created": "2026-04-15T14:41:09.658441+00:00", "title": "Sensitive Information Exposure via Crafted HTTP Requests in FortiNDR and FortiVoice", "updated": "2026-04-15T15:30:06.818950+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortindr", "fortinet$PRODUCT$fortivoice"]}