CVE-2023-50179Improper Certificate Validation in Fortinet Fortiadc

CWE-295Improper Certificate Validation4 documents4 sources
Severity
5.9MEDIUMNVD
CNA4.8
EPSS
0.2%
top 55.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiadc
Timeline
PublishedJul 9

Description

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiadc7.0.07.4.1
CVEListV5fortinet/fortiadc7.2.07.2.6+3

🔴Vulnerability Details

2
GHSA
GHSA-p8xm-24ph-gvrg: An improper certificate validation vulnerability [CWE-295] in FortiADC 72024-07-09
CVEList
CVE-2023-50179: An improper certificate validation vulnerability [CWE-295] in FortiADC 72024-07-09

📋Vendor Advisories

1
Fortinet
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 al...2024-07-09
CVE-2023-50179 — Improper Certificate Validation | cvebase