PT-2023-5999 · Fortinet · FortiOS

Published 2023-10-10 · Updated 2023-10-13 · CVE-2023-33301

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 7.2.0 through 7.2.4
Fortinet FortiOS version 7.4.0

Description

The issue is related to improper access control in the FortiOS REST API component, allowing an attacker to access restricted resources from non-trusted hosts. This can be exploited by an authenticated attacker to bypass existing access restriction policies.

Recommendations

For Fortinet FortiOS versions 7.2.0 through 7.2.4 and for version 7.4.0, consider restricting access to the REST API component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-06700
CVE-2023-33301

Affected Products

FortiOS