CVE-2023-44253

Published: Feb 15, 2024Modified: Nov 21, 2024

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.1 / Impact: 1.4

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

Affected (12)

Products: Fortinet: Fortianalyzer, Fortimanager

Fortinet

2 products

Fortianalyzer

Fortimanager

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	From 6.2.0 to 6.2.12
Fortinet Fortianalyzer	From 6.4.0 to 6.4.14
Fortinet Fortianalyzer	From 7.0.0 to 7.0.11
Fortinet Fortianalyzer	From 7.2.0 to 7.2.3
Fortinet Fortianalyzer	Version 7.4.0
Fortinet Fortianalyzer	Version 7.4.1
Fortinet Fortimanager	From 6.2.0 to 6.2.12
Fortinet Fortimanager	From 6.4.0 to 6.4.14
Fortinet Fortimanager	From 7.0.0 to 7.0.11
Fortinet Fortimanager	From 7.2.0 to 7.2.3
Fortinet Fortimanager	Version 7.4.0
Fortinet Fortimanager	Version 7.4.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://fortiguard.com/psirt/FG-IR-23-268

Source: psirt@fortinet.com

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-25j8-69h7-83h2

Source: psirt@fortinet.com

https://fortiguard.com/psirt/FG-IR-23-268

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-25j8-69h7-83h2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.