CVE-2023-44249

Name of the Vulnerable Software and Affected Versions FortiManager versions 7.4.0 and before 7.2.3 FortiAnalyzer versions 7.4.0 and before 7.2.3

Description The issue is related to an authorization bypass through user-controlled key, allowing a remote attacker with low privileges to read sensitive information via crafted HTTP requests. This is due to an error in processing keys controlled by the user. The exploitation of this issue can enable a remote attacker to access confidential data.

Recommendations For FortiManager versions 7.4.0 and before 7.2.3, update to a version that includes the fix for this issue. For FortiAnalyzer versions 7.4.0 and before 7.2.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive information until a patch is available.