First published: Tue Oct 10 2023
An improper access control vulnerability [CWE-284] in the FortiManager management interface, affecting versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, all 6.2 versions and all 6.0 versions, may allow a remote, authenticated attacker who holds at least the "device management" permission on their admin profile and who is assigned to a specific ADOM to add and delete CLI scripts in other ADOMs to which they are not assigned.
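The flaw class described above is a missing object-level authorization check: the request is authorized on the actor's permission ("device management") but not on the object it targets (the ADOM). The following added example is a hypothetical model written for this page, not FortiManager code, and makes no claim about how FortiManager implements its checks. The names `Principal`, `ScriptStore`, the `device_management` permission string and the ADOM names are all assumptions. It shows the vulnerable pattern (permission check only) next to the hardened one (permission check plus ADOM scoping) and runs a cross-ADOM add/delete against both.

```python
"""Toy model of CWE-284 in an ADOM-scoped management API.

Hypothetical illustration only (assumed names, not FortiManager code):
a vulnerable code path that checks the caller's profile permission but
not the target ADOM, beside a fixed path that authorizes both.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """An authenticated admin: profile permissions plus assigned ADOMs."""
    name: str
    permissions: frozenset   # e.g. {"device_management"}
    adoms: frozenset         # ADOMs this admin is allowed to manage


@dataclass
class ScriptStore:
    """CLI scripts keyed by (adom, script_name)."""
    scripts: dict = field(default_factory=dict)

    # --- vulnerable: action-level check only, no object (ADOM) scoping ---
    def add_script_vulnerable(self, who: Principal, adom: str, name: str, body: str) -> None:
        if "device_management" not in who.permissions:
            raise PermissionError("missing device_management permission")
        # BUG: `adom` is never compared against who.adoms, so any admin with
        # the permission can write scripts into every ADOM.
        self.scripts[(adom, name)] = body

    def delete_script_vulnerable(self, who: Principal, adom: str, name: str) -> None:
        if "device_management" not in who.permissions:
            raise PermissionError("missing device_management permission")
        # BUG: same missing ADOM check on the delete path.
        self.scripts.pop((adom, name), None)

    # --- fixed: authorize the action AND the object it targets ---
    def _authorize(self, who: Principal, adom: str) -> None:
        if "device_management" not in who.permissions:
            raise PermissionError("missing device_management permission")
        if adom not in who.adoms:
            raise PermissionError(f"{who.name} is not assigned to ADOM {adom}")

    def add_script(self, who: Principal, adom: str, name: str, body: str) -> None:
        self._authorize(who, adom)
        self.scripts[(adom, name)] = body

    def delete_script(self, who: Principal, adom: str, name: str) -> None:
        self._authorize(who, adom)
        if (adom, name) not in self.scripts:
            raise KeyError(f"no script {name!r} in ADOM {adom}")
        del self.scripts[(adom, name)]


def demo() -> dict:
    """Run the cross-ADOM scenario against both paths and return the outcomes."""
    # Constructed actor: has device management, but is assigned only to ADOM-A.
    attacker = Principal("alice", frozenset({"device_management"}), frozenset({"ADOM-A"}))
    store = ScriptStore()
    out = {}

    # Vulnerable path: alice adds and then deletes a script in ADOM-B.
    store.add_script_vulnerable(attacker, "ADOM-B", "evil", "config system global ... end")
    out["vuln_cross_adom_add"] = ("ADOM-B", "evil") in store.scripts
    store.delete_script_vulnerable(attacker, "ADOM-B", "evil")
    out["vuln_cross_adom_delete"] = ("ADOM-B", "evil") not in store.scripts

    # Fixed path: the same request against ADOM-B is refused ...
    try:
        store.add_script(attacker, "ADOM-B", "evil", "config system global ... end")
        out["fixed_cross_adom_add"] = True
    except PermissionError:
        out["fixed_cross_adom_add"] = False
    # ... while a request inside alice's own ADOM still succeeds.
    store.add_script(attacker, "ADOM-A", "backup", "execute backup config ...")
    out["fixed_own_adom_add"] = ("ADOM-A", "backup") in store.scripts
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the fixed path is that the ADOM is part of the authorization decision on every operation that takes an ADOM as input, not just on the UI listing; a check that only gates the menu leaves the API endpoint open to a crafted request.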
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiManager | >=6.0.0<=6.0.12 | Migrate to a fixed branch (6.4.12, 7.0.8, 7.2.3 or 7.4.0 or above) |
Fortinet FortiManager | >=6.2.0<=6.2.12 | Migrate to a fixed branch (6.4.12, 7.0.8, 7.2.3 or 7.4.0 or above) |
Fortinet FortiManager | >=6.4.0<=6.4.11 | Upgrade to 6.4.12 or above |
Fortinet FortiManager | >=7.0.0<=7.0.7 | Upgrade to 7.0.8 or above |
Fortinet FortiManager | =7.2.0 | Upgrade to 7.2.3 or above |
Fortinet FortiManager | =7.2.1 | Upgrade to 7.2.3 or above |
Fortinet FortiManager | =7.2.2 | Upgrade to 7.2.3 or above |
Fixed releases: upgrade to FortiManager version 7.4.0 or above, 7.2.3 or above, 7.0.8 or above, or 6.4.12 or above.
CVE-2023-41679 is an improper access control vulnerability [CWE-284] in the FortiManager management interface.
CVE-2023-41679 may allow a remote, authenticated attacker with at least the 'device management' permission and membership in one ADOM to add and delete CLI scripts in other ADOMs, bypassing the per-ADOM access controls.
CVE-2023-41679 has a severity rating of 9.6 (Critical).
FortiManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 are affected by CVE-2023-41679.
To fix CVE-2023-41679, upgrade to FortiManager 7.4.0, 7.2.3, 7.0.8 or 6.4.12 or above; no fixed release is listed for the 6.2 and 6.0 branches, so installations on those branches should migrate to a fixed branch.