CVE-2023-33301Improper Access Control in Fortinet Fortios

CWE-284Improper Access Control5 documents5 sources
Severity
4.3MEDIUMNVD
CNA6.5
EPSS
0.1%
top 67.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedOct 10
Latest updateMar 14

Description

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5fortinet/fortios7.2.07.2.4+1
NVDfortinet/fortios7.2.07.2.4+1

🔴Vulnerability Details

2
GHSA
GHSA-5mqc-jpw5-5hrh: An improper access control vulnerability in Fortinet FortiOS 72023-10-10
CVEList
CVE-2023-33301: An improper access control vulnerability in Fortinet FortiOS 72023-10-10

📋Vendor Advisories

2
CISA ICS
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices2024-03-14
Fortinet
REST API trusted host bypass2023-10-10
CVE-2023-33301 — Improper Access Control in Fortinet | cvebase