Lucene search

FortinetCVELIST:CVE-2023-33303

HistoryOct 13, 2023 - 2:32 p.m.

CVE-2023-33303

2023-10-1314:32:30

CWE-613

fortinet

www.cve.org

fortinet

fortiedr

session expiration

vulnerability

unauthorized code execution

api request

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiEDR",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "5.0.0",
        "lessThanOrEqual": "5.0.1",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-23-007

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

Related for CVELIST:CVE-2023-33303