CVE-2023-50176 HIGH

Vendor Fortinet
Product FortiOS
Weakness CWE-384 · Session fixation
Published November 12, 2024
Last update November 13, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

What the vulnerability does

01 Description

A session fixation vulnerability in Fortinet FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.13 allows an attacker to execute unauthorized code or commands via a phishing SAML authentication link.

Key dates

02 Disclosure timeline

November 12, 2024 CVE published
November 13, 2024 Record updated