First published: Mon Jun 12 2023
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | >=7.2.0, <=7.2.1 | Please upgrade to FortiAnalyzer version 7.2.2 or above |
Fortinet FortiAnalyzer | >=7.0.0, <=7.0.6 | Please upgrade to FortiAnalyzer version 7.0.7 or above |
Fortinet FortiAnalyzer | >=6.4.8, <=6.4.11 | Please upgrade to FortiAnalyzer version 6.4.12 or above |
Fortinet FortiManager | >=7.2.0, <=7.2.1 | Please upgrade to FortiManager version 7.2.2 or above |
Fortinet FortiManager | >=7.0.0, <=7.0.6 | Please upgrade to FortiManager version 7.0.7 or above |
Fortinet FortiManager | >=6.4.8, <=6.4.11 | Please upgrade to FortiManager version 6.4.12 or above |
CVE-2023-25609 is a server-side request forgery (SSRF) vulnerability in FortiManager and FortiAnalyzer GUI versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, and 6.4.8 through 6.4.11.
CVE-2023-25609 has a severity score of 6.5, which is considered medium.
CVE-2023-25609 may allow a remote and authenticated attacker to access unauthorized files and services on the system through specially crafted web requests.
FortiManager and FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, and 6.4.8 through 6.4.11 are affected by CVE-2023-25609.
To mitigate the CVE-2023-25609 vulnerability, it is recommended to apply the necessary security patches provided by Fortinet.