PT-2024-13651 · Unknown · Portiportal

Published

2024-01-10

·

Updated

2024-01-17

·

CVE-2023-48783

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

PortiPortal versions 7.2.1 and below
PortiPortal versions 7.0.6 and below
PortiPortal versions 6.0.14 and below
PortiPortal versions 5.3.8 and below

Description

The issue allows a remote authenticated user with at least read-only permissions to access other organizations' endpoints via crafted GET requests. This is due to an Authorization Bypass Through User-Controlled Key vulnerability.

Recommendations

For versions 7.2.1 and below, consider restricting access to sensitive endpoints until a patch is available. For versions 7.0.6 and below, restrict access to vulnerable modules to minimize the risk of exploitation. For versions 6.0.14 and below, avoid using crafted GET requests in the affected API endpoints until the issue is resolved. For versions 5.3.8 and below, consider disabling vulnerable functions until a patch is available.
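The weakness class named in the description (Authorization Bypass Through User-Controlled Key, also listed on this page as IDOR) is easiest to see as a handler that trusts an organization identifier taken from the request. The block below is an added illustration, not PortiPortal code: the request path shape, organization ids, user records and log lines are all constructed assumptions. It puts the vulnerable handler beside the hardened one (the object-level check that the requested organization matches the caller's session) and adds a small detector that flags cross-organization requests in access-log lines of the same constructed shape.

```python
"""Added example (not PortiPortal code) of the user-controlled-key
authorization bypass described in the advisory, with its fix and a
log-based check. Every name, path shape and record here is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    org_id: str
    role: str  # constructed roles: "read-only" or "admin"


# Constructed tenant data: each organization owns its own endpoints.
ORG_ENDPOINTS = {
    "org-100": {"wifi-settings": {"ssid": "acme-guest"}},
    "org-200": {"wifi-settings": {"ssid": "globex-guest"}},
}

# Constructed session table keyed by user id.
USERS = {
    "alice": User("alice", "org-100", "read-only"),
    "bob": User("bob", "org-200", "admin"),
}


class Forbidden(Exception):
    """Raised when a request fails authentication or authorization."""


def parse_query(path):
    """Split a constructed GET path '/api/org/<org_id>/<resource>' into
    (org_id, resource). The org_id segment is the user-controlled key."""
    parts = path.strip("/").split("/")
    if len(parts) != 4 or parts[0] != "api" or parts[1] != "org":
        raise ValueError(f"unexpected path: {path}")
    return parts[2], parts[3]


def vulnerable_get(user, org_id, resource):
    """Vulnerable pattern: checks only that the caller is authenticated,
    then uses the client-supplied org_id directly as the lookup key."""
    if user is None:
        raise Forbidden("authentication required")
    return ORG_ENDPOINTS[org_id][resource]


def hardened_get(user, org_id, resource):
    """Hardened pattern: the key from the request must belong to the
    organization the authenticated session is bound to. Read-only users
    still get their own organization's data; no tenant can read another's."""
    if user is None:
        raise Forbidden("authentication required")
    if org_id != user.org_id:
        raise Forbidden(f"user {user.user_id} may not access {org_id}")
    return ORG_ENDPOINTS[org_id][resource]


def cross_tenant_requests(log_lines, users):
    """Detection over constructed access-log lines of the form
    '<user_id> <path>'. Returns the lines in which an authenticated user
    requested an organization other than the one on their own account,
    which is the signature of the bypass described in the advisory."""
    hits = []
    for line in log_lines:
        user_id, path = line.split(" ", 1)
        org_id, _resource = parse_query(path)
        user = users.get(user_id)
        if user is not None and org_id != user.org_id:
            hits.append(line)
    return hits


# Constructed log sample: alice (org-100) reads her own settings, then
# another organization's; bob stays inside his own tenant.
SAMPLE_LOG = [
    "alice /api/org/org-100/wifi-settings",
    "alice /api/org/org-200/wifi-settings",
    "bob /api/org/org-200/wifi-settings",
]
```

Running the detector over `SAMPLE_LOG` returns only the second line; `vulnerable_get(USERS["alice"], "org-200", "wifi-settings")` hands a read-only user of org-100 the org-200 record, while `hardened_get` with the same arguments raises `Forbidden`. The check belongs in the handler itself (or a shared authorization layer), not in the client, because the identifier in the path is entirely under the caller's control.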

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2023-48783

Affected Products

Portiportal