Insufficient Session Expiration in Fortinet FortiEDR Products
CVE-2023-33303

7.7HIGH

Key Information:

Vendor: Fortinet
Status: Fortiedr
Vendor: CVE Published:; 13 October 2023

What is CVE-2023-33303?

An insufficient session expiration vulnerability exists in Fortinet's FortiEDR versions 5.0.0 through 5.0.1. This weakness allows attackers to exploit the system by executing unauthorized code or commands through crafted API requests. Organizations using these affected versions should take immediate action to mitigate the risk, ensuring that proper session management practices are implemented to safeguard against potential exploits.

Affected Version(s)

FortiEDR 5.0.0 <= 5.0.1

References

https://fortiguard.com/psirt/FG-IR-23-007

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
May 22, 2023