CVE-2023-25603

Summary

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiDDoS-F6.4.0 <= 6.4.1affected
FortinetFortiDDoS-F6.3.0 <= 6.3.4affected
FortinetFortiADC7.1.0 <= 7.1.1affected

Weaknesses

  • CWE-942: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References