PT-2023-7083 · Fortinet · Fortiadc

Published 2023-11-14 · Updated 2023-11-20 · CVE-2023-26205

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerable software and affected versions
- FortiADC versions 6.1 through 7.1.2
- FortiADC version 7.0 (listed separately on this page; it lies inside the range above)

Description
The vulnerability is an improper access control flaw in the FortiADC automation feature. An authenticated, low-privileged attacker can escalate to super admin by submitting a specifically crafted configuration of a fabric automation CLI script. Because the attacker must already hold an account on the appliance, the exposure is driven by how many low-privileged administrators exist and what they are allowed to configure.

Recommendations
Upgrade to a release that Fortinet lists as fixed for CVE-2023-26205; this page does not record the fixed versions. Until the fix is applied on affected FortiADC versions: disable the automation feature; restrict the ability to create or modify fabric automation CLI scripts to super admin accounts; review existing automation scripts for unexpected changes; and audit and reduce the set of low-privileged administrator accounts, since exploitation requires an authenticated login.
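A practitioner's first question is whether a given appliance falls inside the affected range, and naive string comparison gets this wrong (as a string, "7.1.10" sorts before "7.1.2"). The following added example, which is not part of this page or of any Fortinet tooling, parses FortiADC version strings numerically and checks them against the range stated above (6.1 through 7.1.2). The inventory it triages is constructed sample data; the fixed versions are not given on this page, so the example only reports affected builds and does not name a safe one.

```python
"""Triage FortiADC inventory against the affected range for CVE-2023-26205.

Added example, not vendor code. The range below is the one stated on this
advisory page (6.1 through 7.1.2); consult Fortinet's advisory for fixed builds.
"""
from typing import Dict, List, Tuple

# Inclusive bounds taken from the affected-versions section of this page.
AFFECTED_MIN: Tuple[int, int, int] = (6, 1, 0)
AFFECTED_MAX: Tuple[int, int, int] = (7, 1, 2)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '7.1.2', 'v7.1.2' or '7.1' (read as 7.1.0) into a numeric tuple.

    Anything else (build suffixes, empty fields, extra components) is rejected
    rather than silently compared, because a wrong answer here hides an
    exposed appliance.
    """
    cleaned = text.strip().lower()
    if cleaned.startswith("v"):
        cleaned = cleaned[1:]
    parts = cleaned.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiADC version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """True when the version lies inside the affected range (inclusive).

    Tuple comparison is numeric per component, so 7.1.10 correctly falls
    outside a range that ends at 7.1.2.
    """
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose FortiADC version is affected, sorted.

    Unparseable versions are reported as affected: an unknown build on an
    appliance with this bug class should be investigated, not skipped.
    """
    hits: List[str] = []
    for host, version in inventory.items():
        try:
            if is_affected(version):
                hits.append(host)
        except ValueError:
            hits.append(host)
    return sorted(hits)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "adc-dc1-a": "7.1.2",
    "adc-dc1-b": "7.1.10",
    "adc-dmz-1": "7.0",
    "adc-lab-1": "6.0.5",
    "adc-lab-2": "7.2.0",
    "adc-old-1": "6.1",
    "adc-odd-1": "7.1.2-build0123",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the affected range (or unparseable)")
```

Run it directly to print the affected hosts from the sample inventory, or import `is_affected` into an existing asset-inventory script. Treating unparseable versions as hits is a deliberate fail-closed choice for a privilege-escalation bug; loosen it only if your inventory source is trusted to emit clean version strings.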

Fix

Weakness Enumeration

Improper Access Control

Related identifiers

BDU:2023-08110
CVE-2023-26205

Affected products

Fortiadc