CVE-2023-25603
published 2023-11-14

CVE-2023-25603: A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an…

Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

Affected

11 ranges

Vendor    Product      Version range   Fixed in
fortinet  fortiadc
fortinet  fortiadc
fortinet  fortiadc
fortinet  fortiadc     7.1.0 – 7.1.1
fortinet  fortiddos
fortinet  fortiddos-f
fortinet  fortiddos-f
fortinet  fortiddos-f
fortinet  fortiddos-f  6.3.0 – 6.3.4
fortinet  fortiddos-f  6.4.0 – 6.4.1
fortinet  fortinet