CVE-2023-44252
published 2023-12-13CVE-2023-44252: ** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | 5.1.1 – 5.1.2 | — |
| fortinet | fortiwan | 5.2.0 – 5.2.1 | — |