What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-44249.

What is the severity of CVE-2023-44249?

The severity of CVE-2023-44249 is medium with a CVSS score of 6.5.

Which software versions are affected by CVE-2023-44249?

Fortinet FortiManager versions 7.4.0 and before 7.2.3, and FortiAnalyzer versions 7.4.0 and before 7.2.3 are affected by CVE-2023-44249.

How does CVE-2023-44249 work?

CVE-2023-44249 is an authorization bypass vulnerability that allows a remote attacker with low privileges to read sensitive information through crafted HTTP requests.

Is there a fix available for CVE-2023-44249?

Yes, it is recommended to update to Fortinet FortiManager version 7.4.0 or 7.2.3, and FortiAnalyzer version 7.4.0 or 7.2.3 to fix CVE-2023-44249.

Vulnerability/
CVE-2023-44249

medium

6.5

CWE

639

10/10/2023

2/8/2024

CVE-2023-44249

First published: Tue Oct 10 2023(Updated: )

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

Credit: psirt@fortinet.com psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=6.2.0<=6.2.12
Fortinet FortiAnalyzer	>=6.4.0<=6.4.13
Fortinet FortiAnalyzer	>=7.0.0<=7.0.9
Fortinet FortiAnalyzer	>=7.2.0<=7.2.3
Fortinet FortiAnalyzer	=7.4.0
Fortinet FortiManager	>=6.2.0<=6.2.12
Fortinet FortiManager	>=6.4.0<=6.4.13
Fortinet FortiManager	>=7.0.0<=7.0.9
Fortinet FortiManager	>=7.2.0<=7.2.3
Fortinet FortiManager	=7.4.0
Fortinet FortiAnalyzer	>=7.2.0<7.2.4
Fortinet FortiManager	>=7.2.0<7.2.4

Remedy

Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-44249.
What is the severity of CVE-2023-44249?
The severity of CVE-2023-44249 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2023-44249?
Fortinet FortiManager versions 7.4.0 and before 7.2.3, and FortiAnalyzer versions 7.4.0 and before 7.2.3 are affected by CVE-2023-44249.
How does CVE-2023-44249 work?
CVE-2023-44249 is an authorization bypass vulnerability that allows a remote attacker with low privileges to read sensitive information through crafted HTTP requests.
Is there a fix available for CVE-2023-44249?
Yes, it is recommended to update to Fortinet FortiManager version 7.4.0 or 7.2.3, and FortiAnalyzer version 7.4.0 or 7.2.3 to fix CVE-2023-44249.

collector/nvd-index
collector/nvd-api
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/remedy
agent/last-modified-date
agent/description
agent/tags
agent/first-publish-date
agent/event
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/6.2.0
version/fortinet fortianalyzer/6.2.12
version/fortinet fortianalyzer/6.4.0
version/fortinet fortianalyzer/6.4.13
version/fortinet fortianalyzer/7.0.0
version/fortinet fortianalyzer/7.0.9
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.3
version/fortinet fortianalyzer/7.4.0
canonical/fortinet fortimanager
version/fortinet fortimanager/6.2.0
version/fortinet fortimanager/6.2.12
version/fortinet fortimanager/6.4.0
version/fortinet fortimanager/6.4.13
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.9
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.3
version/fortinet fortimanager/7.4.0