CVE-2023-44249
4.3 MEDIUM
Published: 10/10/2023
Updated: 11/21/2024
Description
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
Affected products
- fortinet fortianalyzer: 7.4.0
- fortinet fortimanager: 7.4.0
References
- https://fortiguard.com/psirt/FG-IR-23-201 (Vendor Advisory)
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj (Third Party Advisory)