PT-2023-7083 · Fortinet · FortiADC

Published

2023-11-14

·

Updated

2023-11-20

·

CVE-2023-26205

CVSS v2.0

10.0 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiADC versions 6.1 through 7.1.2
FortiADC version 7.0
Description

Improper access control in the FortiADC automation feature allows an authenticated attacker who holds a low-privileged administrator account to escalate to super admin by submitting a specially crafted fabric automation CLI script configuration.
Recommendations

Apply the vendor-supplied fixed release for your branch as soon as one is available. Until then, on the affected releases (6.1 through 7.1.2, including the 7.0 train), disable the automation feature so that fabric automation CLI scripts cannot be created or run, and restrict the right to create or edit such scripts to trusted high-privilege operators only. Because any low-privileged administrator account is a foothold for this escalation, also review the appliance's administrator accounts: remove unused ones, confirm none of them has rights to the automation feature, and audit existing automation scripts and super-admin accounts for entries you do not recognise.
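To decide quickly which appliances need the workaround above, the following helper checks a version string against the affected ranges listed on this page. It is an added example, not code from the advisory, from Positive Technologies or from Fortinet; the ranges are copied from this page and the "Version: FortiADC-VM v7.0.3,..." line format used as input is an assumed, constructed sample rather than a transcript of real appliance output, so re-check both against the vendor advisory before acting on the result.

```python
"""Triage helper for this advisory: does a FortiADC build fall inside the
affected version ranges listed on this page?

Added example; not code from the advisory, from Positive Technologies or
from Fortinet. The ranges are copied from the page ("6.1 through 7.1.2"
and "7.0") and should be re-checked against the vendor PSIRT advisory.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive ranges taken from this page. "6.1" is read as 6.1.0, and the
# separately listed "7.0" train already lies inside 6.1.0..7.1.2.
AFFECTED_RANGES = [
    ((6, 1, 0), (7, 1, 2)),
]

# Matches the first x.y or x.y.z token, with an optional leading "v".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text: str) -> Optional[Version]:
    """Pull a version triple out of free text such as a status line.

    The line format used below is an assumption made for this example,
    not a transcript of real FortiADC CLI output.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: Version) -> bool:
    """Inclusive membership test. Tuple comparison orders 7.0.3 below 7.1.2
    and 7.2.0 above it, which a naive string comparison would get wrong."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(status_line: str) -> str:
    """Return 'affected', 'not-listed' or 'unknown' for one status line."""
    version = parse_version(status_line)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not-listed"


if __name__ == "__main__":
    # Constructed sample lines, loosely modelled on CLI status output.
    samples = [
        "Version: FortiADC-VM v7.0.3,build0226,230425",
        "Version: FortiADC-VM v7.2.0,build0300,230901",
        "Version: FortiADC-VM v6.0.5,build0120,220101",
        "Version: unavailable",
    ]
    for line in samples:
        print(f"{triage(line):10s}  {line}")
```

Feed it one status line per appliance (for example from an inventory export) and act on every "affected" result; "unknown" means the version could not be parsed and the device needs a manual look rather than being treated as safe.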

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2023-08110
CVE-2023-26205

Affected Products

FortiADC