CVE-2023-50180

Summary

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0 <= 7.4.1affected
FortinetFortiADC7.2.0 <= 7.2.3affected
FortinetFortiADC7.1.0 <= 7.1.4affected
FortinetFortiADC7.0.0 <= 7.0.5affected
FortinetFortiADC6.2.0 <= 6.2.6affected

Weaknesses

  • CWE-497: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References