CVE-2023-50176

Published: Nov 12, 2024Modified: Dec 12, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.

Affected (3)

Products: Fortinet: Fortios

Fortinet

1 product

Fortios

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.0.0 to 7.0.14
Fortinet Fortios	From 7.2.0 to 7.2.8
Fortinet Fortios	From 7.4.0 to 7.4.4

Related CWEs

CWE-384

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-475

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.