First published: Tue Oct 10 2023
A server-side request forgery vulnerability [CWE-918] in FortiAnalyzer and FortiManager may allow a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | >=6.4.8, <=6.4.13 | |
Fortinet FortiAnalyzer | >=7.0.2, <=7.0.8 | |
Fortinet FortiAnalyzer | >=7.2.0, <=7.2.3 | |
Fortinet FortiAnalyzer | =7.4.0 | |
Fortinet FortiManager | >=7.0.0, <=7.0.8 | |
Fortinet FortiManager | >=7.2.0, <=7.2.3 | |
Fortinet FortiManager | =7.4.0 | |
Fortinet FortiAnalyzer | =. | |
Fortinet FortiAnalyzer | >=6.4.8, <=6.4.15 | |
Fortinet FortiManager | =. | |
Please upgrade to FortiAnalyzer version 7.4.1 or above.
Please upgrade to FortiAnalyzer version 7.2.4 or above.
Please upgrade to FortiAnalyzer version 7.0.9 or above.
Please upgrade to FortiManager version 7.4.1 or above.
Please upgrade to FortiManager version 7.2.4 or above.
Please upgrade to FortiManager version 7.0.9 or above.
The severity of CVE-2023-44256 is medium with a CVSS score of 6.5.
Fortinet FortiAnalyzer versions 7.4.0, 7.2.0 through 7.2.3, 7.0.2 through 7.0.8, and 6.4.8 through 6.4.13 are affected by CVE-2023-44256.
Fortinet FortiManager versions 7.4.0, 7.2.0 through 7.2.3, and 7.0.0 through 7.0.8 are affected by CVE-2023-44256.
CVE-2023-44256 is a server-side request forgery vulnerability (CWE-918).
CVE-2023-44256 allows a remote attacker with low privileges to view sensitive data from internal systems.