PT-2024-1070 · Fortinet · FortiPortal

Published

2024-01-09

·

Updated

2024-01-17

·

CVE-2023-46712

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiPortal versions 7.0.0 through 7.0.6
Fortinet FortiPortal versions 7.2.0 through 7.2.1
Description

Fortinet FortiPortal contains an improper access control weakness. A remote attacker who already holds a low-privileged account (the CVSS vector is AV:N with PR:L and no user interaction) can escalate privileges by sending specially crafted HTTP requests to the FortiPortal web interface.

Recommendations

Apply the fixed FortiPortal release that Fortinet provides for the affected branch (7.0.x or 7.2.x); consult the Fortinet PSIRT advisory for CVE-2023-46712 for the exact fixed versions. The measures below reduce exposure but do not remove the flaw.

Restrict access to the FortiPortal HTTP/HTTPS interface to trusted management networks or a VPN. The attack is network-reachable (AV:N), so limiting who can reach the interface at all is the most effective interim control.

Because exploitation requires an authenticated low-privileged account (PR:L), review the accounts that exist on the affected portals, remove unused or shared ones, and enforce strong authentication for the remainder. Treat every holder of a low-privileged account as a potential full-privilege user until the fix is applied.

Audit for accounts or sessions whose privilege level was raised without a corresponding administrative action, and retain the web-server access logs of affected hosts so that such requests can be reviewed.

Until patched, avoid using the affected versions for operations that depend on strict privilege separation between portal users.
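The first step of the triage above is deciding which deployments actually fall inside the two affected ranges. The script below is an added example, not code from the advisory, from Positive Technologies or from Fortinet; it compares dotted version numbers numerically rather than as strings (so that 7.0.10 is correctly treated as newer than 7.0.6, not as "affected" by a lexicographic accident) and sorts a host inventory into affected, not affected and unparseable. The inventory contents, the hostnames and the tolerated version-string shapes (a leading "v", a trailing "-build…" suffix) are constructed assumptions, not formats the page documents.

```python
"""Check FortiPortal builds against the affected ranges named in the advisory for CVE-2023-46712."""
from __future__ import annotations

# Affected ranges exactly as the advisory states them, inclusive on both ends.
AFFECTED_RANGES: list[tuple[tuple[int, ...], tuple[int, ...]]] = [
    ((7, 0, 0), (7, 0, 6)),
    ((7, 2, 0), (7, 2, 1)),
]


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.0.6' into (7, 0, 6).

    Assumption: a leading 'v'/'V' and a trailing '-...' build suffix may be present
    and are ignored. Anything else that is not dotted integers is rejected.
    """
    core = version.strip().lstrip("vV").split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    # Right-pad with zeros so '7.0' compares as '7.0.0'.
    return v + (0,) * (n - len(v))


def is_affected(version: str) -> bool:
    """True when the version lies inside any affected range (numeric, not string, comparison)."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        n = max(len(v), len(lo), len(hi))
        if _pad(lo, n) <= _pad(v, n) <= _pad(hi, n):
            return True
    return False


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a host -> version inventory into affected / not_affected / unknown buckets.

    Unparseable versions are reported separately rather than silently treated as safe,
    so a bad inventory entry cannot hide an exposed portal.
    """
    result: dict[str, list[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, ver in inventory.items():
        try:
            bucket = "affected" if is_affected(ver) else "not_affected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up for the example.
    sample = {
        "portal-a.example.test": "7.0.6",
        "portal-b.example.test": "7.0.10",
        "portal-c.example.test": "v7.2.1-build0001",
        "portal-d.example.test": "7.2.2",
        "portal-e.example.test": "unknown",
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in the "unknown" bucket should be treated as affected until their version is confirmed; an inventory gap is not evidence of safety.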

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-00307
CVE-2023-46712

Affected Products

FortiPortal