CVE-2023-50178

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-22-298 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*

History

19 Sep 2024, 16:06

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiADC 7.4.0, 7.2.0 hasta 7.2.3, 7.1 todas las versiones, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones y 6.0 todas las versiones puede permitir un atacante remoto y no autenticado para realizar un ataque Man-in-the-Middle en el canal de comunicación entre el dispositivo y varios servidores remotos, como conectores SDN privados y FortiToken Cloud.
References () https://fortiguard.fortinet.com/psirt/FG-IR-22-298 - () https://fortiguard.fortinet.com/psirt/FG-IR-22-298 - Third Party Advisory
First Time Fortinet
Fortinet fortiadc
CPE cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*

09 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 16:15

Updated : 2024-09-19 16:06


NVD link : CVE-2023-50178

Mitre link : CVE-2023-50178

CVE.ORG link : CVE-2023-50178


JSON object : View

Products Affected

fortinet

  • fortiadc
CWE
CWE-295

Improper Certificate Validation