CVE-2023-44252

8.6HIGH

Key Information

Vendor: Fortinet
Status: FortiWAN
Vendor: CVE Published:; 13 December 2023

Summary

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

Affected Version(s)

FortiWAN <= 5.2.1

FortiWAN <= 5.1.2

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 13, 2023
Vulnerability Reserved.
Sep 27, 2023

Collectors

NVD DatabaseMitre Database