PT-2023-7870 · Fortinet · Fortiadc
Published
2023-12-12
·
Updated
2023-12-15
·
CVE-2023-41673
CVSS v2.0
7.5
Vector | AV:N/AC:L/Au:S/C:C/I:P/A:N |
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Fortiadc
Published
2023-12-12
·
Updated
2023-12-15
·
CVE-2023-41673
7.5
High
Base vector | Vector | AV:N/AC:L/Au:S/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
FortiADC versions 7.2.2 through 7.4.0
Description:
The issue is related to an improper authorization procedure in the application delivery controller. This can be exploited by a remote attacker to gain unauthorized access to configuration files by sending specially crafted HTTP or HTTPS requests. A low-privileged user may be able to read or backup the full system configuration via these requests.
Recommendations:
For FortiADC versions 7.2.2 through 7.4.0, update to a version that includes the fix for this issue to prevent exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authorization