What is the severity of FG-IR-23-201?

FG-IR-23-201 is considered a serious authorization bypass vulnerability allowing low-privileged attackers to access sensitive information.

How do I fix FG-IR-23-201?

Fix FG-IR-23-201 by updating FortiManager and FortiAnalyzer to the latest remedied versions as specified in the advisory.

Which versions are affected by FG-IR-23-201?

FG-IR-23-201 affects various versions of FortiManager and FortiAnalyzer, specifically prior to the remedied versions mentioned in the advisory.

Can FG-IR-23-201 be exploited remotely?

Yes, FG-IR-23-201 allows a remote attacker to exploit the vulnerability through crafted HTTP requests.

What type of vulnerability is FG-IR-23-201?

FG-IR-23-201 is classified as an authorization bypass vulnerability identified by CWE-639.

Vulnerability/
FG-IR-23-201

medium

4.1

10/10/2023

15/1/2025

FG-IR-23-201: Authorization bypass via key value controlled by user

First published: Tue Oct 10 2023(Updated: )

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiManager & FortiAnalyzer may allow a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	=.
Fortinet FortiAnalyzer	>=7.2.0<=7.2.5
Fortinet FortiManager	=.
Fortinet FortiManager	>=7.2.0<=7.2.3
Fortinet FortiManager	>=7.0.0<=7.0.9
Fortinet FortiManager	>=6.4
Fortinet FortiManager	>=6.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-201?
FG-IR-23-201 is considered a serious authorization bypass vulnerability allowing low-privileged attackers to access sensitive information.
How do I fix FG-IR-23-201?
Fix FG-IR-23-201 by updating FortiManager and FortiAnalyzer to the latest remedied versions as specified in the advisory.
Which versions are affected by FG-IR-23-201?
FG-IR-23-201 affects various versions of FortiManager and FortiAnalyzer, specifically prior to the remedied versions mentioned in the advisory.
Can FG-IR-23-201 be exploited remotely?
Yes, FG-IR-23-201 allows a remote attacker to exploit the vulnerability through crafted HTTP requests.
What type of vulnerability is FG-IR-23-201?
FG-IR-23-201 is classified as an authorization bypass vulnerability identified by CWE-639.

agent/type
agent/severity
agent/title
agent/references
agent/first-publish-date
agent/description
agent/trending
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-44249
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/.
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.5
canonical/fortinet fortimanager
version/fortinet fortimanager/.
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.3
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.9
version/fortinet fortimanager/6.4
version/fortinet fortimanager/6.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.