Improper Authentication Vulnerability in FortiOS Could Allow Read-Write Access via Successive Login Attempts
CVE-2023-46717
6.7MEDIUM
Summary
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Affected Version(s)
FortiOS <= 7.4.1
FortiOS <= 7.2.6
FortiOS <= 7.0.12
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 8.8 to: 6.7 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database