CVE-2023-44250
8.8HIGHAn improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an aut
Published: 1/10/2024Updated: 11/21/2024
Description
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
AI AnalysisPowered by AI
Affected Products
fortinetfortiproxy
7.4.0
fortinetfortiproxy
7.4.1
fortinetfortios
7.2.5
fortinetfortios
7.4.0
fortinetfortios
7.4.1
References
- https://fortiguard.com/psirt/FG-IR-23-315Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-315Vendor Advisory