PT-2023-7870 · Fortinet · Fortiadc

Published

2023-12-12

·

Updated

2023-12-15

·

CVE-2023-41673

CVSS v2.0
7.5
VectorAV:N/AC:L/Au:S/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

FortiADC versions 7.2.2 through 7.4.0

Description:

The issue is related to an improper authorization procedure in the application delivery controller. This can be exploited by a remote attacker to gain unauthorized access to configuration files by sending specially crafted HTTP or HTTPS requests. A low-privileged user may be able to read or backup the full system configuration via these requests.

Recommendations:

For FortiADC versions 7.2.2 through 7.4.0, update to a version that includes the fix for this issue to prevent exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2023-08941
CVE-2023-41673

Affected Products

Fortiadc