7.1

CVE-2023-41673

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiadc Version >= 6.0.0 <= 6.0.4
FortinetFortiadc Version >= 6.1.0 <= 6.1.6
FortinetFortiadc Version >= 6.2.0 <= 6.2.6
FortinetFortiadc Version >= 7.0.0 <= 7.0.5
FortinetFortiadc Version7.1.0
FortinetFortiadc Version7.1.1
FortinetFortiadc Version7.1.2
FortinetFortiadc Version7.2.0
FortinetFortiadc Version7.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.375
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
psirt@fortinet.com 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.