Authorization Bypass Vulnerability in PortiPortal by Fortinet
CVE-2023-48783

4.9MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 10 January 2024

What is CVE-2023-48783?

The vulnerability in PortiPortal allows remote authenticated users with read-only permissions to exploit crafted GET requests, potentially gaining access to other organizational endpoints. This flaw represents a significant security concern for users, as it permits unauthorized data access, compromising endpoint security. It is essential for organizations using affected versions of PortiPortal to be aware and take necessary steps to mitigate this risk. For further details, refer to Fortinet's advisory.

Affected Version(s)

FortiPortal 7.2.0 <= 7.2.1

FortiPortal 7.0.0 <= 7.0.6

FortiPortal 6.0.0 <= 6.0.14

References

https://fortiguard.com/psirt/FG-IR-23-408

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Nov 19, 2023