PT-2024-8775 · Fortinet · FortiOS

Published: 2024-11-12 · Updated: 2024-12-12 · CVE-2023-50176

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
- Fortinet FortiOS versions 7.0.0 through 7.0.13
- Fortinet FortiOS versions 7.2.0 through 7.2.7
- Fortinet FortiOS versions 7.4.0 through 7.4.3

Description: A session fixation issue in the SSL VPN component of Fortinet FortiOS allows a remote attacker to hijack a user's session by luring the user into following a phishing SAML authentication link. Successful exploitation may allow the attacker to execute unauthorized code or commands.

Recommendations: For all affected branches (FortiOS 7.0.0 through 7.0.13, 7.2.0 through 7.2.7, and 7.4.0 through 7.4.3), update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SAML authentication link to minimize the risk of exploitation.

Fix

Weakness Enumeration: Session Fixation

Related Identifiers: BDU:2024-10390, CVE-2023-50176

Affected Products: FortiOS