CVE-2023-25603

Name of the Vulnerable Software and Affected Versions Fortinet FortiADC versions 7.1.0 through 7.1.1 FortiDDoS-F versions 6.3.0 through 6.3.4 FortiDDoS-F versions 6.4.0 through 6.4.1

Description A permissive cross-domain policy with untrusted domains vulnerability allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. This issue is related to the use of an untrusted cross-domain policy file in the FortiDDoS-F DDoS protection system and the FortiADC web management tool. The exploitation of this vulnerability may allow an attacker to access confidential information.

Recommendations For Fortinet FortiADC versions 7.1.0 through 7.1.1, consider disabling the web management interface until a patch is available. For FortiDDoS-F versions 6.3.0 through 6.3.4, restrict access to the web management tool to minimize the risk of exploitation. For FortiDDoS-F versions 6.4.0 through 6.4.1, avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.