CVE-2023-44254

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-204 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:fortinet:fortianalyzer-bigdata:*:*:*:*:*:*:*:*

History

25 Sep 2024, 20:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.0
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer-bigdata:*:*:*:*:*:*:*:*
References () https://fortiguard.com/psirt/FG-IR-23-204 - () https://fortiguard.com/psirt/FG-IR-23-204 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario [CWE-639] en FortiAnalyzer versión 7.4.1 y anteriores a 7.2.5 y FortiManager versión 7.4.1 y anteriores a 7.2.5 puede permitir que un atacante remoto con privilegios bajos lea datos confidenciales a través de una solicitud HTTP manipulada específicamente.
First Time Fortinet fortianalyzer
Fortinet
Fortinet fortianalyzer-bigdata
Fortinet fortimanager

10 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 15:15

Updated : 2024-09-25 20:17


NVD link : CVE-2023-44254

Mitre link : CVE-2023-44254

CVE.ORG link : CVE-2023-44254


JSON object : View

Products Affected

fortinet

  • fortianalyzer-bigdata
  • fortianalyzer
  • fortimanager
CWE
CWE-639

Authorization Bypass Through User-Controlled Key