A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-19-039 | Vendor Advisory |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Oct 2023, 17:46
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* |
|
| CWE | CWE-918 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-19-039 - Vendor Advisory | |
| References | (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh - Exploit, Third Party Advisory | |
| First Time |
Fortinet
Fortinet fortianalyzer Fortinet fortimanager |
20 Oct 2023, 11:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-20 10:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-44256
Mitre link : CVE-2023-44256
CVE.ORG link : CVE-2023-44256
JSON object : View
Products Affected
fortinet
- fortianalyzer
- fortimanager