What is the severity of FG-IR-23-493?

The FG-IR-23-493 vulnerability is classified with a medium severity rating.

How do I fix FG-IR-23-493?

To fix FG-IR-23-493, update FortiOS or FortiProxy to the remedial versions or later: FortiOS 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, and FortiProxy 7.4.2, 7.2.8, 7.0.14.

Which versions of FortiOS are affected by FG-IR-23-493?

Affected versions of FortiOS include 7.4.0 to 7.4.1, 7.2.0 to 7.2.6, 7.0.0 to 7.0.12, 6.4.0 to 6.4.14, and 6.2.0 to 6.2.15.

Is FortiProxy affected by FG-IR-23-493?

Yes, FortiProxy versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and 7.0.0 to 7.0.13 are affected by FG-IR-23-493.

Vulnerability/
FG-IR-23-493

high

7.5

9/4/2024

FG-IR-23-493: Administrator cookie leakage

First published: Tue Apr 09 2024(Updated: )

An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.

Affected Software	Affected Version	How to fix
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.1
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.6
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.12
Fortinet FortiOS IPS Engine	>=6.4.0<=6.4.14
Fortinet FortiOS IPS Engine	>=6.2.0<=6.2.15
Fortinet FortiOS IPS Engine	>=6.0
Fortinet FortiProxy	>=7.4.0<=7.4.1
Fortinet FortiProxy	>=7.2.0<=7.2.7
Fortinet FortiProxy	>=7.0.0<=7.0.13
Fortinet FortiProxy	>=2.0
Fortinet FortiProxy	>=1.2
Fortinet FortiProxy	>=1.1
Fortinet FortiProxy	>=1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-493?
The FG-IR-23-493 vulnerability is classified with a medium severity rating.
How do I fix FG-IR-23-493?
To fix FG-IR-23-493, update FortiOS or FortiProxy to the remedial versions or later: FortiOS 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, and FortiProxy 7.4.2, 7.2.8, 7.0.14.
Which versions of FortiOS are affected by FG-IR-23-493?
Affected versions of FortiOS include 7.4.0 to 7.4.1, 7.2.0 to 7.2.6, 7.0.0 to 7.0.12, 6.4.0 to 6.4.14, and 6.2.0 to 6.2.15.
Is FortiProxy affected by FG-IR-23-493?
Yes, FortiProxy versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and 7.0.0 to 7.0.13 are affected by FG-IR-23-493.
What type of vulnerability is FG-IR-23-493?
FG-IR-23-493 is classified as an insufficiently protected credentials vulnerability, specifically CWE-522.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-41677
agent/last-modified-date
agent/first-publish-date
agent/type
agent/event
agent/references
agent/severity
agent/softwarecombine
agent/description
agent/title
agent/source
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.1
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.2.6
version/fortinet fortios ips engine/7.0.0
version/fortinet fortios ips engine/7.0.12
version/fortinet fortios ips engine/6.4.0
version/fortinet fortios ips engine/6.4.14
version/fortinet fortios ips engine/6.2.0
version/fortinet fortios ips engine/6.2.15
version/fortinet fortios ips engine/6.0
canonical/fortinet fortiproxy
version/fortinet fortiproxy/7.4.0
version/fortinet fortiproxy/7.4.1
version/fortinet fortiproxy/7.2.0
version/fortinet fortiproxy/7.2.7
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.13
version/fortinet fortiproxy/2.0
version/fortinet fortiproxy/1.2
version/fortinet fortiproxy/1.1
version/fortinet fortiproxy/1.0

FG-IR-23-493: Administrator cookie leakage

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-493?

How do I fix FG-IR-23-493?

Which versions of FortiOS are affected by FG-IR-23-493?

Is FortiProxy affected by FG-IR-23-493?

What type of vulnerability is FG-IR-23-493?

Company

Resources

Contact