CVE-2023-44249
4.3MEDIUMAn authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote att
Publicado: 10/10/2023Atualizado: 11/21/2024
Descrição
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
Análise IADesenvolvido por IA
Produtos Afetados
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
7.4.0
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager
7.4.0
Referências
- https://fortiguard.com/psirt/FG-IR-23-201Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqjThird Party Advisory
- https://fortiguard.com/psirt/FG-IR-23-201Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqjThird Party Advisory