CVE-2023-44252

CWE-287Improper Authentication4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 52.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiwan
Timeline
PublishedDec 13

Description

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/fortiwan5.2.05.2.1+1
NVDfortinet/fortiwan4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mjfm-wh8j-9fgg: ** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 52023-12-13
CVEList
CVE-2023-44252: ** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 52023-12-13

📋Vendor Advisories

1
Fortinet
** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 thr...2023-12-13
CVE-2023-44252 (HIGH CVSS 8.8) | ** UNSUPPORTED WHEN ASSIGNED **An i | cvebase.io