CVE-2023-25603

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiddos-f; Fortiadc
Vendor: CVE Published:; 14 November 2023

Summary

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

Affected Version(s)

FortiADC 7.1.0 <= 7.1.1

FortiDDoS-F 6.4.0 <= 6.4.1

FortiDDoS-F 6.3.0 <= 6.3.4

References

https://fortiguard.com/psirt/FG-IR-22-518

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Feb 8, 2023