Improper Privilege Management in Fortinet FortiOS and FortiProxy
CVE-2023-44250

8.8HIGH

Key Information:

Vendor: Fortinet
Status: FortiOS; FortiProxy
Vendor: CVE Published:; 10 January 2024

Summary

An improper privilege management vulnerability exists in Fortinet's FortiOS HA and FortiProxy HA clusters, impacting specific versions. This flaw allows authenticated attackers to escalate their privileges and perform unauthorized actions by crafting special HTTP or HTTPS requests. Organizations using the affected versions should prioritize identifying and mitigating this issue to protect their network security.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.1

FortiOS 7.2.5

FortiProxy 7.4.0 <= 7.4.1

References

https://fortiguard.com/psirt/FG-IR-23-315

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Sep 27, 2023