Lucene search

FortinetCVE-2023-41673

HistoryDec 13, 2023 - 7:15 a.m.

CVE-2023-41673

2023-12-1307:15:15

CWE-285

fortinet

web.nvd.nist.gov

cve-2023-41673

nvd

fortinet

fortiadc

cwe-285

security vulnerability

authorization

http

https

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RC:C

AI Score

5.3

Confidence

High

EPSS

Percentile

14.0%

JSON

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

Affected configurations

Nvd

Node

fortinetfortiadcRange6.0.0–6.0.4

fortinetfortiadcRange6.1.0–6.1.6

fortinetfortiadcRange6.2.0–6.2.6

fortinetfortiadcRange7.0.0–7.0.5

fortinetfortiadcMatch7.1.0

fortinetfortiadcMatch7.1.1

fortinetfortiadcMatch7.1.2

fortinetfortiadcMatch7.2.0

fortinetfortiadcMatch7.4.0

VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
fortinetfortiadc7.1.0cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*
fortinetfortiadc7.1.1cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*
fortinetfortiadc7.1.2cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*
fortinetfortiadc7.2.0cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*
fortinetfortiadc7.4.0cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiadc	*	cpe:2.3:a:fortinet:fortiadc::::::::
fortinet	fortiadc	7.1.0	cpe:2.3:a:fortinet:fortiadc:7.1.0:::::::*
fortinet	fortiadc	7.1.1	cpe:2.3:a:fortinet:fortiadc:7.1.1:::::::*
fortinet	fortiadc	7.1.2	cpe:2.3:a:fortinet:fortiadc:7.1.2:::::::*
fortinet	fortiadc	7.2.0	cpe:2.3:a:fortinet:fortiadc:7.2.0:::::::*
fortinet	fortiadc	7.4.0	cpe:2.3:a:fortinet:fortiadc:7.4.0:::::::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiADC",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.4.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.1.0",
        "lessThanOrEqual": "7.1.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.1.0",
        "lessThanOrEqual": "6.1.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.4",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-23-270

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RC:C

AI Score

5.3

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for CVE-2023-41673