PT-2023-9784 · Fortinet · Fortianalyzer+2
Published 2023-09-27 · Updated 2025-01-21 · CVE-2023-44255
CVSS v3.1: 4.1 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiManager versions prior to 7.4.2
Fortinet FortiAnalyzer versions prior to 7.4.2
Fortinet FortiAnalyzer-BigData versions prior to 7.2.5
Description
The issue is an exposure of sensitive information to an unauthorized actor: an attacker who already holds an administrator account with read permissions may read the event logs of another ADOM (administrative domain) via crafted HTTP or HTTPS requests. The root cause is insufficient access control on personal information, so the ADOM boundary is not enforced for these log reads.
Recommendations
For Fortinet FortiManager versions prior to 7.4.2, update to version 7.4.2 or later.
For Fortinet FortiAnalyzer versions prior to 7.4.2, update to version 7.4.2 or later.
For Fortinet FortiAnalyzer-BigData versions prior to 7.2.5, update to version 7.2.5 or later.
As a temporary workaround, consider restricting access to event logs to minimize the risk of exploitation.
Affected Products
Fortianalyzer
Fortianalyzer-Bigdata
Fortimanager