CVE-2023-44249
4.3 MEDIUM
Published: 10/10/2023
Updated: 11/21/2024
Description
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
Affected Products
fortinet fortianalyzer
7.4.0
fortinet fortimanager
7.4.0
References
- https://fortiguard.com/psirt/FG-IR-23-201 (Vendor Advisory)
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj (Third Party Advisory)