PT-2023-6014 · Fortinet · FortiEDR

Published 2023-10-13 · Updated 2023-10-16 · CVE-2023-33303

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Fortinet FortiEDR versions 5.0.0 through 5.0.1

Description

The issue is insufficient session expiration in Fortinet FortiEDR, which an attacker can exploit to execute unauthorized code or commands via an API request. This can allow a remote attacker to execute arbitrary code.

Recommendations

For Fortinet FortiEDR versions 5.0.0 through 5.0.1, consider restricting access to API endpoints until a patch is available. As a temporary workaround, disabling the API request functionality can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

BDU:2023-06715
CVE-2023-33303

Affected Products

FortiEDR