CVE-2023-50176: Session Fixation in Fortinet FortiOS

CWE-384: Session Fixation | 4 documents | 4 sources

Severity: 8.8 HIGH (NVD); CNA: 7.5
EPSS: 0.3% (top 50.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 12

Description

A session fixation in Fortinet FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.13 allows an attacker to execute unauthorized code or commands via a phishing SAML authentication link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Source | Package | From | To | More
NVD | fortinet/fortios | 7.0.0 | 7.0.14 | +2
CVEListV5 | fortinet/fortios | 7.4.0 | 7.4.3 | +2

Vulnerability Details (2)

GHSA: GHSA-cfhv-h3jw-vx5r: A session fixation in Fortinet FortiOS version 7 (2024-11-12)
CVEList: CVE-2023-50176: A session fixation in Fortinet FortiOS version 7 (2024-11-12)

Vendor Advisories (1)

Fortinet: FortiOS - SSLVPN session hijacking using SAML authentication (2024-11-12)
CVE-2023-50176 — Session Fixation in Fortinet Fortios | cvebase