CVE-2023-50180

5.2MEDIUM

Key Information

Vendor: Fortinet
Status: Fortiadc
Vendor: CVE Published:; 14 May 2024

Summary

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.

Affected Version(s)

FortiADC <= 7.4.1

FortiADC <= 7.2.3

FortiADC <= 7.1.4

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 5.5 to: 5.2 - (MEDIUM)
Jun 6, 2024
Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Dec 5, 2023

Collectors

NVD DatabaseMitre Database