CVE-2023-25609 MEDIUM

CVE-2023-25609

Vendor Fortinet
Product FortiAnalyzer
Weakness CWE-918 · SSRF
Published June 13, 2023
Last update October 22, 2024

CVSS base score

4.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C

What the vulnerability does

01Description

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

Key dates

02Disclosure timeline

June 13, 2023 CVE published
October 22, 2024 Record updated