Lucene search

[email protected]NVD:CVE-2023-44249

HistoryOct 10, 2023 - 5:15 p.m.

CVE-2023-44249

2023-10-1017:15:13

CWE-639

[email protected]

web.nvd.nist.gov

cve-639

remote attacker

sensitive information

crafted http requests

fortimanager

fortianalyzer

low privileges

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

Affected configurations

Nvd

Node

fortinetfortianalyzerRange6.2.0–6.2.12

fortinetfortianalyzerRange6.4.0–6.4.13

fortinetfortianalyzerRange7.0.0–7.0.9

fortinetfortianalyzerRange7.2.0–7.2.4

fortinetfortianalyzerMatch7.4.0

fortinetfortimanagerRange6.2.0–6.2.12

fortinetfortimanagerRange6.4.0–6.4.13

fortinetfortimanagerRange7.0.0–7.0.9

fortinetfortimanagerRange7.2.0–7.2.4

fortinetfortimanagerMatch7.4.0

VendorProductVersionCPE
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinetfortianalyzer7.4.0cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
fortinetfortimanager*cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
fortinetfortimanager7.4.0cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortianalyzer	*	cpe:2.3:a:fortinet:fortianalyzer::::::::
fortinet	fortianalyzer	7.4.0	cpe:2.3:a:fortinet:fortianalyzer:7.4.0:::::::*
fortinet	fortimanager	*	cpe:2.3:a:fortinet:fortimanager::::::::
fortinet	fortimanager	7.4.0	cpe:2.3:a:fortinet:fortimanager:7.4.0:::::::*

References

fortiguard.com/psirt/FG-IR-23-201

github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for NVD:CVE-2023-44249

prion1 cve1 cvelist1