CVE-2023-47537
published 2024-02-15CVE-2023-47537: An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS…
medium4.8CVSS 3.1
AVNACHPRNUINSUCLILAN
An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortilink | — | — |
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.4.0 – 6.4.16 | — |
| fortinet | fortios | >= 7.0.0 < 7.0.14 | 7.0.14 |
| fortinet | fortios | 7.0.0 – 7.0.15 | — |
| fortinet | fortios | 7.2.0 – 7.2.6 | — |
| fortinet | fortios | 7.4.0 – 7.4.1 | — |
| fortinet | fortiswitch | — | — |