CVE-2023-47536

2.8LOW

Key Information:

Vendor: Fortinet
Status: FortiOS; FortiProxy
Vendor: CVE Published:; 13 December 2023

Summary

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

Affected Version(s)

FortiOS 7.2.0

FortiOS 7.0.0 <= 7.0.13

FortiOS 6.4.0 <= 6.4.14

References

https://fortiguard.com/psirt/FG-IR-23-432

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023