Lucene search

PRIOn knowledge basePRION:CVE-2023-25609

HistoryJun 13, 2023 - 9:15 a.m.

Server side request forgery (ssrf)

2023-06-1309:15:00

PRIOn knowledge base

www.prio-n.com

server-side request forgery

vulnerability

fortimanager

fortianalyzer

gui

unauthorized access

cwe-918

specially crafted web requests

nvd

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

CPENameOperatorVersion
fortianalyzereq7.2.0
fortianalyzereq7.2.1
fortianalyzerge6.4.8
fortianalyzerle6.4.11
fortianalyzerge7.0.0
fortianalyzerle7.0.6
fortimanagereq7.2.0
fortimanagereq7.2.1
fortimanagerge6.4.8
fortimanagerle6.4.11

Name	Operator	Version
fortianalyzer	eq	7.2.0
fortianalyzer	eq	7.2.1
fortianalyzer	ge	6.4.8
fortianalyzer	le	6.4.11
fortianalyzer	ge	7.0.0
fortianalyzer	le	7.0.6
fortimanager	eq	7.2.0
fortimanager	eq	7.2.1
fortimanager	ge	6.4.8
fortimanager	le	6.4.11

Rows per page:

1-10 of 121

References

fortiguard.com/psirt/FG-IR-22-493