PT-2023-3762 · Fortinet · Fortianalyzer+1
Published
2023-06-12
·
Updated
2023-06-21
·
CVE-2023-25609
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FortiManager and FortiAnalyzer GUI versions 6.4.8 through 6.4.11
FortiManager and FortiAnalyzer GUI versions 7.0.0 through 7.0.6
FortiManager and FortiAnalyzer GUI versions 7.2.0 through 7.2.1
Description
A server-side request forgery (SSRF) issue may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. This is due to insufficient validation of incoming requests on the server side. The exploitation of this issue can enable a remote attacker to perform an SSRF attack.
Recommendations
For FortiManager and FortiAnalyzer GUI versions 6.4.8 through 6.4.11, update to a version outside of this range to resolve the issue.
For FortiManager and FortiAnalyzer GUI versions 7.0.0 through 7.0.6, update to a version outside of this range to resolve the issue.
For FortiManager and FortiAnalyzer GUI versions 7.2.0 through 7.2.1, update to a version outside of this range to resolve the issue.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortianalyzer
Fortimanager