CVE-2023-44253 — Sensitive Information Exposure in Fortinet Fortianalyzer

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 51.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager

Timeline

PublishedFeb 15

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5fortinet/fortianalyzer7.4.0 — 7.4.1+4

▶NVDfortinet/fortianalyzer6.2.0 — 6.2.12+5

▶CVEListV5fortinet/fortimanager7.4.0 — 7.4.1+4

▶NVDfortinet/fortimanager6.2.0 — 6.2.12+5

🔴Vulnerability Details

GHSA

GHSA-4c39-5qhc-788c: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7↗2024-02-15

▶

CVEList

CVE-2023-44253: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7↗2024-02-15

▶

📋Vendor Advisories

Fortinet

Informative error messages↗2024-02-15

▶