PT-2023-5994 · Fortinet · FortiAnalyzer, FortiManager

Author: François-Xavier Picard and 3 others
Published: 2023-10-10
Updated: 2023-12-21

CVE-2023-42787
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiManager versions 7.4.0 and before 7.2.3
Fortinet FortiAnalyzer versions 7.4.0 and before 7.2.3

Description
The issue is related to the implementation of client-side security features. It may allow a remote attacker with low privileges to access a privileged web console via client-side code execution. The root cause is a client-side enforcement of server-side security weakness: an access control decision that the server should make is instead made in the client, where a user who controls the client can alter it.

Recommendations
For Fortinet FortiManager versions 7.4.0 and before 7.2.3, update to a version after 7.2.3 to resolve the issue.
For Fortinet FortiAnalyzer versions 7.4.0 and before 7.2.3, update to a version after 7.2.3 to resolve the issue.
As a temporary workaround, consider restricting access to the web console to minimize the risk of exploitation.

Related Identifiers

BDU:2023-06695
CVE-2023-42787
GHSA-Q5PQ-8666-J8FR

Affected Products

FortiAnalyzer
FortiManager