CVE-2023-28001

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.0.0 through 7.0.12 Fortinet FortiOS versions 7.2.0 through 7.2.4

Description The issue is related to an insufficient session expiration in the FortiOS REST API, allowing an attacker to execute unauthorized code or commands by reusing the session of a deleted user. This can be exploited remotely. The vulnerability may allow an attacker to keep a secure websocket session active after user deletion.

Recommendations For Fortinet FortiOS versions 7.0.0 through 7.0.12, restrict hosts that can connect to the websocket to trusted ones only, with the trusted host feature, as a temporary workaround. For Fortinet FortiOS versions 7.2.0 through 7.2.4, restrict hosts that can connect to the websocket to trusted ones only, with the trusted host feature, as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.