What is the severity of CVE-2023-47537?

CVE-2023-47537 is classified as a high-severity vulnerability due to its potential to allow Man-in-the-Middle attacks.

How do I fix CVE-2023-47537?

To remediate CVE-2023-47537, upgrade FortiOS to version 7.4.2 or later, 7.2.7 or later, or 7.0.15 or later.

What type of attacks can exploit CVE-2023-47537?

CVE-2023-47537 can be exploited by unauthenticated attackers to intercept and manipulate FortiLink communication.

Which versions of FortiOS are affected by CVE-2023-47537?

CVE-2023-47537 affects FortiOS versions prior to 7.4.2, 7.2.7, and certain versions of 7.0.

What is the impact of CVE-2023-47537 on FortiOS?

The impact of CVE-2023-47537 includes the ability to decipher and alter communication between FortiOS devices and FortiSwitch instances.

Vulnerability/
CVE-2023-47537

medium

4.8

CWE

295

8/2/2024

15/2/2024

2/8/2024

CVE-2023-47537: Fortilink lack of certificate validation

First published: Thu Feb 08 2024(Updated: )

An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a Man-in-the-Middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiOS
FortiOS	>=7.4.0<=7.4.1
FortiOS	>=7.2.0<=7.2.6
FortiOS	>=7.0.0<=7.0.15
FortiOS	>=6.4
FortiOS	>=7.0.0<7.0.14
FortiOS	>=7.2.0<=7.2.6
FortiOS	=7.4.0
FortiOS	=7.4.1

Remedy

Please upgrade to FortiOS version 7.4.2 or above Please upgrade to FortiOS version 7.2.7 or above Please upgrade to FortiOS version 7.0.16 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-47537?
CVE-2023-47537 is classified as a high-severity vulnerability due to its potential to allow Man-in-the-Middle attacks.
How do I fix CVE-2023-47537?
To remediate CVE-2023-47537, upgrade FortiOS to version 7.4.2 or later, 7.2.7 or later, or 7.0.15 or later.
What type of attacks can exploit CVE-2023-47537?
CVE-2023-47537 can be exploited by unauthenticated attackers to intercept and manipulate FortiLink communication.
Which versions of FortiOS are affected by CVE-2023-47537?
CVE-2023-47537 affects FortiOS versions prior to 7.4.2, 7.2.7, and certain versions of 7.0.
What is the impact of CVE-2023-47537 on FortiOS?
The impact of CVE-2023-47537 includes the ability to decipher and alter communication between FortiOS devices and FortiSwitch instances.

collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-21762
alias/CVE-2024-23113
alias/CVE-2023-44487
alias/CVE-2023-47537
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
agent/first-publish-date
agent/references
agent/weakness
agent/severity
agent/author
agent/event
agent/title
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/news-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/fortiguard-psirt
collector/nvd-api
source/NVD
vendor/fortinet
canonical/fortinet fortios
canonical/fortios
version/fortios/7.4.0
version/fortios/7.4.1
version/fortios/7.2.0
version/fortios/7.2.6
version/fortios/7.0.0
version/fortios/7.0.15
version/fortios/6.4