CVE-2023-47536

2.8 LOW

Key Information

Vendor: Fortinet
Status
FortiOS
FortiProxy
Vendor
CVE Published: 13 December 2023

Summary

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

Affected Version(s)

FortiOS = 7.2.0

FortiOS <= 7.0.13

FortiOS <= 6.4.14

CVSS V3.1

Score: 2.8
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database