CVE-2023-33303

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 13, 2023

Updated: Nov 7, 2023

CWE ID 613

Summary

CVE-2023-33303 is a recently disclosed vulnerability affecting Fortinet FortiEDR versions 5.0.0 through 5.0.1. This issue involves insufficient session expiration, which permits attackers to execute unauthorized code or commands through API requests. By exploiting this weakness, an adversary could potentially gain unauthorized access to sensitive data or even take control of the affected system, leading to significant security risks. Organizations using FortiEDR are strongly advised to apply the available patch as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiEDR

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s-Un3t
https://www.cve.org/CVERecord?id=CVE-2023-33303
https://nvd.nist.gov/vuln/detail/CVE-2023-33303

Back to Vulnerability Database