CVE-2023-25609
4.3MEDIUMA server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated a
Published: 6/13/2023Updated: 11/21/2024
Description
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.
AI AnalysisPowered by AI
Affected Products
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
7.2.0
fortinetfortianalyzer
7.2.1
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager
7.2.0
fortinetfortimanager
7.2.1
References
- https://fortiguard.com/psirt/FG-IR-22-493Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-493Vendor Advisory