CVE-2023-44256

Summary

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.4.0affected
FortinetFortiAnalyzer7.2.0 <= 7.2.3affected
FortinetFortiAnalyzer7.0.2 <= 7.0.8affected
FortinetFortiAnalyzer6.4.8 <= 6.4.13affected
FortinetFortiManager7.4.0affected
FortinetFortiManager7.2.0 <= 7.2.3affected
FortinetFortiManager7.0.0 <= 7.0.8affected

Weaknesses

  • CWE-22: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References