PT-2024-1745 · Fortinet · FortiAnalyzer, FortiAnalyzer-BigData, FortiManager

François-Xavier Picard


Published 2024-02-08 · Updated 2024-03-11

CVE-2023-44253

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Fortinet FortiManager versions 7.4.0 through 7.4.1 and before 7.2.5
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.1 and before 7.2.5
Fortinet FortiAnalyzer-BigData before 7.2.5
Description

The issue is an exposure of sensitive information to an unauthorized actor. An authenticated administrator whose account is scoped to a single administrative domain (ADOM) can enumerate the names of other ADOMs, and of the devices assigned to them, by sending crafted HTTP or HTTPS requests to the management interface. The ADOM boundary that is meant to separate one administrator's view from another's is therefore not enforced for these requests, which is why the CVSS vector records a scope change (S:C) with low confidentiality impact and no integrity or availability impact. Exploitation needs a valid low-privilege account (PR:L) and no user interaction; a remote attacker who holds or obtains such an ADOM-administrator account can use it to disclose protected information about other ADOMs.
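The flaw class behind this description, shown as an added illustrative model in Python. This is not Fortinet code and it does not reproduce the real FortiManager/FortiAnalyzer request or endpoint: the ADOM names, device names, administrator and handler names are all constructed. It contrasts a listing that is gated only on the caller's role (any ADOM administrator sees every ADOM) with one that enforces the caller's ADOM assignment on each object, and shows why a probing loop against the first leaks tenant boundaries while it learns nothing from the second.

```python
"""Hypothetical model of ADOM-scoped authorization (not Fortinet code).

The weakness: a listing endpoint checks that the caller *is* an administrator
but never checks *which* ADOMs the caller is assigned to, so any ADOM admin
can enumerate every ADOM and device name in the system.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Admin:
    name: str
    adoms: frozenset  # ADOMs this administrator is assigned to


# Constructed sample inventory: three ADOMs with a few devices each.
DEVICES = {
    "adom-a": ["fw-a-1", "fw-a-2"],
    "adom-b": ["fw-b-1"],
    "adom-c": ["fw-c-1", "fw-c-2", "fw-c-3"],
}


class Forbidden(Exception):
    """Raised by the fixed handlers for any ADOM the caller may not see."""


def list_adoms_vulnerable(caller: Admin) -> list:
    """Role-gated only: every ADOM admin gets the full ADOM list (the flaw)."""
    return sorted(DEVICES)


def list_devices_vulnerable(caller: Admin, adom: str) -> list:
    """Caller names any ADOM; membership is never checked (the flaw)."""
    return list(DEVICES.get(adom, []))


def list_adoms_fixed(caller: Admin) -> list:
    """Only the ADOMs the caller is assigned to are returned."""
    return sorted(a for a in DEVICES if a in caller.adoms)


def list_devices_fixed(caller: Admin, adom: str) -> list:
    """Object-level check on the requested ADOM.

    An ADOM outside the caller's assignment and an ADOM that does not exist
    are rejected identically, so the error itself cannot be used to confirm
    whether a guessed name is valid.
    """
    if adom not in caller.adoms or adom not in DEVICES:
        raise Forbidden("no access to requested ADOM")
    return list(DEVICES[adom])


def enumerate_via_probe(list_fn, caller: Admin, candidates) -> list:
    """What an attacker does with a device listing: submit candidate ADOM
    names and keep the ones that answer with content."""
    found = []
    for name in candidates:
        try:
            if list_fn(caller, name):
                found.append(name)
        except Forbidden:
            pass
    return found


if __name__ == "__main__":
    alice = Admin("alice", frozenset({"adom-a"}))
    probes = ["adom-a", "adom-b", "adom-c", "adom-z"]
    print("vulnerable:", enumerate_via_probe(list_devices_vulnerable, alice, probes))
    print("fixed:     ", enumerate_via_probe(list_devices_fixed, alice, probes))
```

The fix pattern is the usual one for this weakness: authorization must be evaluated against the specific object (here, the ADOM) the request names, not only against the caller's role, and the response for an unauthorized object must not differ from the response for a non-existent one.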
Recommendations

Upgrade to a release outside the affected ranges listed above: on the 7.4 branch of FortiManager and FortiAnalyzer, 7.4.2 or later; for FortiManager, FortiAnalyzer and FortiAnalyzer-BigData on the 7.2 branch or earlier, 7.2.5 or later. As a temporary workaround, restrict access to the administrative HTTP/HTTPS interface to trusted management networks (trusted-host settings, firewall rules or an out-of-band management VLAN) so that only known administrators can reach it, and review which accounts hold ADOM-administrator rights, since any one of them can perform the enumeration until the upgrade is applied.
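A version check for the three affected products, added here as a helper (not a vendor tool) that encodes the ranges stated in this advisory. The upper bounds 7.4.2 and 7.2.5 are the first releases outside the stated ranges "7.4.0 through 7.4.1" and "before 7.2.5"; the host names and build suffix in the sample inventory are constructed.

```python
"""Added helper: check FortiManager / FortiAnalyzer / FortiAnalyzer-BigData
versions against the affected ranges in this advisory (not a vendor tool)."""
import re

# Affected ranges from the advisory, as (lower inclusive, upper exclusive).
# 7.4.2 and 7.2.5 are the first releases outside "7.4.0 through 7.4.1"
# and "before 7.2.5" respectively.
AFFECTED = {
    "FortiManager": [((7, 4, 0), (7, 4, 2)), ((0, 0, 0), (7, 2, 5))],
    "FortiAnalyzer": [((7, 4, 0), (7, 4, 2)), ((0, 0, 0), (7, 2, 5))],
    "FortiAnalyzer-BigData": [((0, 0, 0), (7, 2, 5))],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Extract major.minor.patch from strings such as '7.4.1' or
    'v7.2.4-build1234'; raises ValueError if no x.y.z is present."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product: str, version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED[product])


def fixed_release(product: str, version: str):
    """First release of the matching branch outside the affected range,
    or None when the version is not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED[product]:
        if lo <= v < hi:
            return ".".join(str(x) for x in hi)
    return None


def triage(inventory) -> list:
    """Given (host, product, version) tuples, return
    (host, product, version, fixed_release) for each affected entry."""
    out = []
    for host, product, version in inventory:
        target = fixed_release(product, version)
        if target is not None:
            out.append((host, product, version, target))
    return out


# Constructed sample inventory; host names and build suffix are made up.
SAMPLE_INVENTORY = [
    ("fmg-01", "FortiManager", "v7.4.1-build1234"),
    ("fmg-02", "FortiManager", "7.4.2"),
    ("faz-01", "FortiAnalyzer", "7.2.4"),
    ("faz-bd-01", "FortiAnalyzer-BigData", "7.2.5"),
    ("faz-02", "FortiAnalyzer", "7.0.11"),
]

if __name__ == "__main__":
    for host, product, version, target in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} affected, upgrade to {target}")
```

Feed it the product and version strings as reported by your own inventory or the appliance's status output; the parser only needs an x.y.z substring, so build suffixes are tolerated.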

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-01456
CVE-2023-44253
GHSA-25J8-69H7-83H2

Affected Products

FortiAnalyzer
FortiAnalyzer-BigData
FortiManager