Vulnerability Description
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 6.2.0, <= 6.2.12 |
| Fortinet | Fortimanager | >= 6.2.0, <= 6.2.12 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-23-201Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-Third Party Advisory
- https://fortiguard.com/psirt/FG-IR-23-201Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-Third Party Advisory
FAQ
What is CVE-2023-44249?
CVE-2023-44249 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote att...
How severe is CVE-2023-44249?
CVE-2023-44249 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44249?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortimanager.