CVE-2023-44250

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.2.5 through 7.4.1 FortiProxy versions 7.4.0 through 7.4.1

Description An improper privilege management issue allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. This can potentially allow an attacker to execute commands with elevated privileges. Approximately 4,625 FortiOS 7.4 devices are estimated to be vulnerable and exposed on the internet.

Recommendations For FortiOS versions 7.2.5 through 7.4.1, update to a version that includes the fix for this issue. For FortiProxy versions 7.4.0 through 7.4.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the affected HA cluster to minimize the risk of exploitation. Avoid using crafted HTTP or HTTPS requests in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.