CVE-2023-36638

Summary

CVE-2023-36638 is a privilege management vulnerability affecting various versions of FortiManager and FortiAnalyzer, as identified by CWE-269. This issue enables a remote and authenticated API admin user to gain unauthorized access to certain system settings, including mail server configurations, through the API, using a stolen GUI session ID. This vulnerability poses a significant risk, as it allows unauthorized access to critical system settings, potentially leading to data breaches or system disruptions. Fortinet urges users to update their affected systems as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.