CVE-2023-41673

Published: Dec 13, 2023Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

Affected (9)

Products: Fortinet: Fortiadc

Fortinet

1 product

Fortiadc

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiadc	From 6.0.0 to 6.0.4
Fortinet Fortiadc	From 6.1.0 to 6.1.6
Fortinet Fortiadc	From 6.2.0 to 6.2.6
Fortinet Fortiadc	From 7.0.0 to 7.0.5
Fortinet Fortiadc	Version 7.1.0
Fortinet Fortiadc	Version 7.1.1
Fortinet Fortiadc	Version 7.1.2
Fortinet Fortiadc	Version 7.2.0
Fortinet Fortiadc	Version 7.4.0

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://fortiguard.com/psirt/FG-IR-23-270

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-270

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.