First published: Tue Nov 14 2023
An improper access control vulnerability [CWE-284] in the FortiADC automation feature, versions 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions and 6.1 all versions, may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specifically crafted configuration of a fabric automation CLI script.
The vulnerability ID is CVE-2023-26205.
The severity of CVE-2023-26205 is high with a score of 8.1.
FortiADC automation feature versions 7.1.0 through 7.1.2, 7.0, 6.2, and 6.1 are affected.
An authenticated low-privileged attacker can escalate their privileges to super_admin via a specifically crafted configuration of fabric authentication users and groups.
It is recommended to update to the latest version of FortiADC that addresses this vulnerability.