CVE-2023-44256 MEDIUM

Vendor Fortinet
Product FortiAnalyzer
Weakness CWE-22 · Path traversal
Published October 20, 2023
Last update September 12, 2024

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X

What the vulnerability does

01 Description

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

Key dates

02 Disclosure timeline

October 20, 2023 CVE published
September 12, 2024 Record updated