PT-2023-6005 · Fortinet · FortiOS

Published: 2023-10-10 · Updated: 2023-10-12 · CVE-2023-41841

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 7.0.0 through 7.0.11
Fortinet FortiOS versions 7.2.0 through 7.2.4

Description
An improper authorization vulnerability in Fortinet FortiOS may allow an attacker who holds the prof-admin administrator profile to perform actions beyond the permissions that profile is meant to grant. The root cause is a deficiency in authorization checks: an authenticated attacker assigned this profile may exploit the flaw to elevate their privileges.

Recommendations
For Fortinet FortiOS versions 7.0.0 through 7.0.11, update to a version outside of this range to mitigate the risk. For Fortinet FortiOS versions 7.2.0 through 7.2.4, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the privileges of users belonging to the prof-admin profile until a patch is available.

Weakness Enumeration
Improper Authorization

Related Identifiers
BDU:2023-06706
CVE-2023-41841

Affected Products
FortiOS