CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2024-23104

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
Sensitive backup information can be accessed by a remote authenticated attacker.
Who is affected
Remote authenticated users with read-only permission on system maintenance for FortiNDR and FortiVoice.
Urgency
This vulnerability can lead to unauthorized access to sensitive information, necessitating immediate action.
Action
Implement the latest security updates for FortiNDR and FortiVoice.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2024-23104

Get an email if CVE-2024-23104 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2024-23104

CVE.org record

Embed the live status

CVE-2024-23104 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2024-23104 status](https://www.csirts.com/badge/CVE-2024-23104)](https://www.csirts.com/cve/CVE-2024-23104)