CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

unauthorized backup file access

unknownCVE-2024-23104
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
Sensitive backup information can be accessed by a remote authenticated attacker.
Who is affected
Remote authenticated users with read-only permission on system maintenance for FortiNDR and FortiVoice.
Urgency
This vulnerability can lead to unauthorized access to sensitive information, necessitating immediate action.
Action
Implement the latest security updates for FortiNDR and FortiVoice.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch FortiNDR and FortiVoice

Get an email when a new FortiNDR and FortiVoice advisory drops — max one per day, one-click unsubscribe.

Details

Source
Fortinet FortiGuard PSIRT (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-04-14
Exploitation
Not in CISA KEV at last sync

Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-124

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2024-23104coverage & exploitation statusNVD · CVE.org

More from Fortinet FortiGuard PSIRT