Unauthorized Access Exposure in FortiADC by Fortinet
CVE-2023-50180
5.2 MEDIUM
Summary
An exposure vulnerability in FortiADC allows a read-only administrator to access sensitive data associated with other administrators. The issue affects multiple versions of FortiADC and creates a risk that this information is misused by users who are not authorized to see it. Organizations running FortiADC 7.4.1 and below, down to 6.2.6, should apply the necessary mitigations to protect their systems.
Affected Version(s)
FortiADC 7.4.0 <= 7.4.1
FortiADC 7.2.0 <= 7.2.3
FortiADC 7.1.0 <= 7.1.4
CVSS V3.1
Score: 5.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved