CVE-2024-23664

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.

Published: Jun 3, 2024
Updated: May 4, 2025
CVE: CVE-2024-23664
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
fortinet / fortiauthenticator	6.6.0	6.6.0.x
fortinet / fortiauthenticator	6.4.0	6.5.4

https://fortiguard.fortinet.com/psirt/FG-IR-23-465

Vulnerability Database

289,697

CVE-2024-23664