PT-2024-3556 · Fortinet · FortiADC

Published

2024-05-14

·

Updated

2024-05-23

·

CVE-2023-50180

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiADC 7.4.1 and below
FortiADC 7.2.3 and below
FortiADC 7.1.4 and below
FortiADC 7.0.5 and below
FortiADC 6.2.6 and below
Description

An exposure of sensitive system information to an unauthorized control sphere in FortiADC may allow an administrator with a read-only admin account to view data pertaining to other administrators. Exploitation requires an authenticated low-privileged (read-only) admin account and no user interaction; the impact is to confidentiality only (C:H, I:N, A:N). The advisory does not describe which administrator data is exposed or the exact interface involved, so the practical risk is that a read-only admin, or an attacker who has obtained such an account, learns information about higher-privileged admin accounts that the role should not be able to see.
Recommendations

Upgrade every FortiADC in the affected ranges (7.4.1 and below, 7.2.3 and below, 7.1.4 and below, 7.0.5 and below, 6.2.6 and below) to a release on the same branch that the vendor lists as not affected. Until the upgrade is done, reduce the size of the affected control sphere: audit the read-only admin accounts on each device and remove the ones that are not needed, keep the remaining ones to the minimum privilege the role requires, and restrict access to the management interface to trusted administrators. Because the issue requires an authenticated read-only admin (PR:L), it gives nothing to an unauthenticated attacker; the concern is a shared or compromised read-only account being used to enumerate other admins.
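The affected ranges above are per branch, so a plain "version below 7.4.2" check would wrongly mark 7.2.4 or 6.2.7 as vulnerable. The triage helper below is an added example, not part of this advisory or of any Fortinet tooling; it encodes the five branch maxima listed on this page and classifies each device in a constructed inventory. The version-string forms it accepts (a leading "v", a ",build..." suffix) are assumptions about how versions may appear in an inventory export, not a documented FortiADC format.

```python
"""Triage helper for CVE-2023-50180 (FortiADC), added example.

Encodes the "X and below" ranges from the advisory and reports whether a
given FortiADC version falls inside one of them. Version-string handling
and the sample inventory are assumptions/constructed data.
"""
from __future__ import annotations

# Highest affected release on each branch, exactly as listed on the page.
AFFECTED_MAX = {
    (7, 4): (7, 4, 1),
    (7, 2): (7, 2, 3),
    (7, 1): (7, 1, 4),
    (7, 0): (7, 0, 5),
    (6, 2): (6, 2, 6),
}

STATUS_TEXT = {
    True: "AFFECTED",
    False: "not in listed range",
    None: "unlisted branch (check manually)",
}


def parse_version(s: str) -> tuple[int, int, int]:
    """Turn 'v7.4.1', '7.4.1,build0380' (assumed formats) or '7.4' into
    a (major, minor, patch) tuple; a missing patch level counts as 0."""
    core = s.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiADC version string: {s!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool | None:
    """True if the version is within an affected range on its branch,
    False if it is above the last affected release of a listed branch,
    None if the branch is not mentioned in the advisory at all (for
    example 6.1.x or 5.x), which needs a manual check rather than a guess."""
    v = parse_version(version)
    branch = v[:2]
    if branch not in AFFECTED_MAX:
        return None
    # Tuple comparison is lexicographic, so (7, 4, 1) <= (7, 4, 1) is True
    # and (7, 4, 2) <= (7, 4, 1) is False.
    return v <= AFFECTED_MAX[branch]


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> status text for a {hostname: version} inventory."""
    return {host: STATUS_TEXT[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real devices.
    SAMPLE = {
        "adc-dc1": "7.4.1",
        "adc-dc2": "v7.4.2,build0380",
        "adc-lab": "7.2.3",
        "adc-old": "6.1.9",
    }
    for host, status in triage(SAMPLE).items():
        print(f"{host:10s} {SAMPLE[host]:20s} {status}")
```

Versions above a branch maximum are reported as "not in listed range" rather than "fixed", because this page lists affected ranges only and does not state which releases carry the fix; confirm the fixed release against the vendor advisory before closing a ticket.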


Weakness Enumeration

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Related Identifiers

BDU:2024-03861
CVE-2023-50180

Affected Products

FortiADC