CVE-2023-41673

Summary

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0affected
FortinetFortiADC7.2.0 <= 7.2.2affected
FortinetFortiADC7.1.0 <= 7.1.4affected
FortinetFortiADC7.0.0 <= 7.0.5affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected

Weaknesses

  • CWE-285: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References