CVE-2023-50178Improper Certificate Validation in Fortinet Fortiadc

CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 63.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiadc
Timeline
PublishedJul 9

Description

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5fortinet/fortiadc7.0.07.0.2+4
NVDfortinet/fortiadc6.0.06.0.4+5

🔴Vulnerability Details

2
GHSA
GHSA-mfjr-xfrh-92cf: An improper certificate validation vulnerability [CWE-295] in FortiADC 72024-07-09
CVEList
CVE-2023-50178: An improper certificate validation vulnerability [CWE-295] in FortiADC 72024-07-09

📋Vendor Advisories

1
Fortinet
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0...2024-07-09
CVE-2023-50178 — Improper Certificate Validation | cvebase