Lucene search

PRIOn knowledge basePRION:CVE-2023-41673

HistoryDec 13, 2023 - 7:15 a.m.

Authorization

2023-12-1307:15:00

PRIOn knowledge base

www.prio-n.com

improper authorization

vulnerability

fortinet fortiadc

version 7.4.0

version 7.2.2

low privileged user

full system configuration

http

https

nvd

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

CPENameOperatorVersion
fortiadcge6.0.0
fortiadcle6.0.4
fortiadcge6.1.0
fortiadcle6.1.6
fortiadceq7.1.0
fortiadceq7.2.0
fortiadcge6.2.0
fortiadcle6.2.6
fortiadcge7.0.0
fortiadcle7.0.5

Name	Operator	Version
fortiadc	ge	6.0.0
fortiadc	le	6.0.4
fortiadc	ge	6.1.0
fortiadc	le	6.1.6
fortiadc	eq	7.1.0
fortiadc	eq	7.2.0
fortiadc	ge	6.2.0
fortiadc	le	6.2.6
fortiadc	ge	7.0.0
fortiadc	le	7.0.5

Rows per page:

1-10 of 131

References

fortiguard.com/psirt/FG-IR-23-270