CVE-2023-37423

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 22, 2023
Updated: Aug 29, 2023
CWE ID 79

Summary

CVE-2023-37423 is a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Fortinet's EdgeConnect SD-WAN Orchestrator. An authenticated attacker can exploit this flaw to inject malicious scripts into the interface, which are then executed in a victim's browser with administrative privileges. Successful exploitation allows the attacker to gain unauthorized access to sensitive information or take control of the interface. This vulnerability poses a significant risk to organizations using the EdgeConnect SD-WAN Orchestrator and highlights the importance of keeping software up to date with security patches.
