CVE-2023-50176

EPSS 0.11%
Veröffentlicht 12.11.2024 19:15:07
Zuletzt bearbeitet 12.12.2024 19:27:35
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortios Version >= 7.0.0 < 7.0.14

Fortinet ≫ Fortios Version >= 7.2.0 < 7.2.8

Fortinet ≫ Fortios Version >= 7.4.0 < 7.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.307

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@fortinet.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://fortiguard.fortinet.com/psirt/FG-IR-23-475

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50176

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50176

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50176

EUVD