CVE-2023-25603

CWE-942 | 4 documents | 4 sources
Severity
9.1 CRITICAL
EPSS
0.2%
top 58.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 14

Description

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (4 packages)

Source     | Package              | Versions
CVEListV5  | fortinet/fortiadc    | 7.1.0, 7.1.1
CVEListV5  | fortinet/fortiddos-f | 6.4.0, 6.4.1 (+1)
NVD        | fortinet/fortiddos-f | 6.3.0, 6.3.4 (+2)
NVD        | fortinet/fortiadc    | 7.1.0, 7.1.1 (+1)

Vulnerability Details (2)

CVEList | CVE-2023-25603: A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7... | 2023-11-14
GHSA    | GHSA-8x2v-m87x-jx78: A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7... | 2023-11-14

Vendor Advisories (1)

Fortinet | A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6... | 2023-11-14

CVE-2023-25603 (CRITICAL CVSS 9.1) | cvebase.io