CVE-2023-44254

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Sep 10, 2024
CWE ID 639

Summary

CVE-2023-44254 is an authorization bypass vulnerability affecting FortiAnalyzer versions 7.4.1 and earlier and FortiManager versions 7.4.1 and earlier. It could allow a remote attacker with low privileges to access sensitive data through a specially crafted HTTP request. The vulnerability is rated medium severity, with a CVSS base score of 5.0 and an exploitability score of 3.1, indicating low attack complexity and no user interaction required. To remediate this issue, organizations should upgrade their FortiAnalyzer and FortiManager products to versions beyond 7.2.5 or apply any available patches provided by Fortinet. The main risk is unauthorized access to sensitive information, which could compromise the confidentiality of organizational data. For further details, refer to the FortiGuard advisory at https://fortiguard.com/psirt/FG-IR-23-204.
