Auth Bypass via User-Controlled Key Vulnerability
CVE-2023-47543

8.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in Fortinet FortiPortal versions 7.0.0 through 7.0.3 that allows authenticated attackers to bypass authorization controls via user-controlled keys. This permits unauthorized interaction with resources of other organizations through crafted HTTP or HTTPS requests, potentially exposing sensitive information and disrupting services. Proper security measures and prompt updates are essential to mitigate this risk.

Affected Version(s)

FortiPortal 7.0.0 <= 7.0.3

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-448

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Nov 6, 2023