Authorization Bypass Vulnerability in PortiPortal by Fortinet
CVE-2023-48783

4.9MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 10 January 2024

What is CVE-2023-48783?

The vulnerability in PortiPortal allows remote authenticated users with read-only permissions to exploit crafted GET requests, potentially gaining access to other organizational endpoints. This flaw represents a significant security concern for users, as it permits unauthorized data access, compromising endpoint security. It is essential for organizations using affected versions of PortiPortal to be aware and take necessary steps to mitigate this risk. For further details, refer to Fortinet's advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiPortal 7.2.0 <= 7.2.1

FortiPortal 7.0.0 <= 7.0.6

FortiPortal 6.0.0 <= 6.0.14

References

https://fortiguard.com/psirt/FG-IR-23-408

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Nov 19, 2023

JSON

Fortinet