Lucene search

PRIOn knowledge basePRION:CVE-2023-47536

HistoryDec 13, 2023 - 8:15 a.m.

Improper access control

2023-12-1308:15:00

PRIOn knowledge base

www.prio-n.com

improper access control

fortios

fortiproxy

vulnerability

remote attacker

firewall bypass

geolocalisation

geoip.

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.9%

JSON

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

CPENameOperatorVersion
fortioseq7.2.0
fortiosge6.4.0
fortiosle6.4.14
fortiosge7.0.0
fortiosle7.0.13
fortiproxyge2.0.0
fortiproxyle2.0.12
fortiproxyge7.0.0
fortiproxyle7.0.9
fortiproxyge7.2.0

Name	Operator	Version
fortios	eq	7.2.0
fortios	ge	6.4.0
fortios	le	6.4.14
fortios	ge	7.0.0
fortios	le	7.0.13
fortiproxy	ge	2.0.0
fortiproxy	le	2.0.12
fortiproxy	ge	7.0.0
fortiproxy	le	7.0.9
fortiproxy	ge	7.2.0

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-23-432