CVE-2023-47536

Summary

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.2.0affected
FortinetFortiOS7.0.0 <= 7.0.13affected
FortinetFortiOS6.4.0 <= 6.4.14affected
FortinetFortiProxy7.2.0 <= 7.2.3affected
FortinetFortiProxy7.0.0 <= 7.0.9affected
FortinetFortiProxy2.0.0 <= 2.0.12affected

Weaknesses

  • CWE-284: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References