cvelistv5 - CVE-2023-44255

CVE-2023-44255

Vulnerability from cvelistv5

Published

2024-11-12 18:53

Modified

2024-11-13 18:27

Severity ?

4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RC:C

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-23-267	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Fortinet

FortiManager

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.5
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
Version: 6.2.0   ≤ 6.2.13
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*

Fortinet

FortiAnalyzer

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.3
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
Version: 6.2.0   ≤ 6.2.13
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:26:57.803174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:27:11.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:53.585Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44255",
    "datePublished": "2024-11-12T18:53:53.585Z",
    "dateReserved": "2023-09-27T12:26:48.750Z",
    "dateUpdated": "2024-11-13T18:27:11.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-44255\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-11-12T19:15:06.850\",\"lastModified\":\"2025-01-21T22:02:45.480\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.\"},{\"lang\":\"es\",\"value\":\"Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado [CWE-200] en Fortinet FortiManager anterior a 7.4.2, FortiAnalyzer anterior a 7.4.2 y FortiAnalyzer-BigData anterior a 7.2.5 puede permitir que un atacante privilegiado con permisos de lectura administrativos lea registros de eventos de otro adom a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"452AE920-49A0-4A7C-840C-4AD5510B7AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.1\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"6624F8AB-9A5E-43DD-8430-900D3946130F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"D7F7A7D1-A7E0-429D-B4F8-BD64A6E2497F\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-23-267\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44255\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T18:26:57.803174Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T18:27:07.116Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-23-267\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-23-267\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-359\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2024-11-12T18:53:53.585Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-44255\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T18:27:11.736Z\", \"dateReserved\": \"2023-09-27T12:26:48.750Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2024-11-12T18:53:53.585Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-44255

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-44255

Aliases

CVE-2023-44255

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-44255",
    "id": "GSD-2023-44255"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-44255"
      ],
      "id": "GSD-2023-44255",
      "modified": "2023-12-13T01:20:38.629947Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-44255",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances erm\u00f6glicht die Verwaltung von Fortinet Network Security Ger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuf\u00fchren und Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3447 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3447 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-23-267"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-23-396"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-098"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-099"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-115"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-116"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-125"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-179"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-13T12:16:11.658+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3447",
      "initial_release_date": "2024-11-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.4.3",
                  "product_id": "T039035"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.4.3",
                  "product_id": "T039035-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.6",
                  "product_id": "T039036"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.6",
                  "product_id": "T039036-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.2.6",
                  "product_id": "T039038"
                }
              },
              {
                "category": "product_version",
                "name": "7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.2.6",
                  "product_id": "T039038-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.13",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.0.13",
                  "product_id": "T039039"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.13",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.0.13",
                  "product_id": "T039039-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.0.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c6.4.15",
                  "product_id": "T039040"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15",
                "product": {
                  "name": "Fortinet FortiAnalyzer 6.4.15",
                  "product_id": "T039040-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:6.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.4.1",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.4.1",
                  "product_id": "T039041"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.4.1",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.4.1",
                  "product_id": "T039041-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.7",
                  "product_id": "T039042"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.7",
                  "product_id": "T039042-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.8",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.8",
                  "product_id": "T039046"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.8",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.8",
                  "product_id": "T039046-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud \u003c7.4.3",
                  "product_id": "T039047"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud 7.4.3",
                  "product_id": "T039047-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud \u003c7.2.7",
                  "product_id": "T039048"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud 7.2.7",
                  "product_id": "T039048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiAnalyzer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.4.3",
                  "product_id": "T039037"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.3",
                "product": {
                  "name": "Fortinet FortiManager 7.4.3",
                  "product_id": "T039037-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.2.6",
                  "product_id": "T039043"
                }
              },
              {
                "category": "product_version",
                "name": "7.2.6",
                "product": {
                  "name": "Fortinet FortiManager 7.2.6",
                  "product_id": "T039043-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.13",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.0.13",
                  "product_id": "T039044"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.13",
                "product": {
                  "name": "Fortinet FortiManager 7.0.13",
                  "product_id": "T039044-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.0.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15",
                "product": {
                  "name": "Fortinet FortiManager \u003c6.4.15",
                  "product_id": "T039045"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15",
                "product": {
                  "name": "Fortinet FortiManager 6.4.15",
                  "product_id": "T039045-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:6.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiManager Cloud \u003c7.4.3",
                  "product_id": "T039049"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.4.3",
                "product": {
                  "name": "Fortinet FortiManager Cloud 7.4.3",
                  "product_id": "T039049-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:cloud__7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiManager Cloud \u003c7.2.6",
                  "product_id": "T039050"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.2.6",
                "product": {
                  "name": "Fortinet FortiManager Cloud 7.2.6",
                  "product_id": "T039050-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:cloud__7.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiManager"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44255",
      "notes": [
        {
          "category": "description",
          "text": "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitsl\u00fccke ist auf eine fehlerhafte Zugriffskontrolle zur\u00fcckzuf\u00fchren, die zur Offenlegung personenbezogener Daten f\u00fchrt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039046",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2023-44255"
    },
    {
      "cve": "CVE-2024-23666",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erh\u00f6hte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuf\u00fchren, indem er speziell gestaltete Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-23666"
    },
    {
      "cve": "CVE-2024-31496",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle \u00fcber die CLI beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-31496"
    },
    {
      "cve": "CVE-2024-32116",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu l\u00f6schen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32116"
    },
    {
      "cve": "CVE-2024-32118",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgem\u00e4\u00dfe Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem f\u00fchrt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er bestimmte CLI-Anfragen erstellt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32118"
    },
    {
      "cve": "CVE-2024-33505",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Puffer\u00fcberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erh\u00f6hte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschr\u00e4nkten Privilegien auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039045",
          "T039044",
          "T039050",
          "T039040",
          "T039039",
          "T039047",
          "T039035",
          "T039038",
          "T039049",
          "T039037",
          "T039048"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-33505"
    },
    {
      "cve": "CVE-2024-35274",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitsl\u00fccke besteht aufgrund einer fehlerhaften Dateipfadbeschr\u00e4nkung, die eingeschr\u00e4nkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um \u00fcber manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039046",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-35274"
    },
    {
      "cve": "CVE-2024-32117",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zur\u00fcckzuf\u00fchren, das dazu f\u00fchrt, dass Einschr\u00e4nkungen f\u00fcr Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32117"
    }
  ]
}

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances erm\u00f6glicht die Verwaltung von Fortinet Network Security Ger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuf\u00fchren und Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3447 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3447 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-23-267"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-23-396"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-098"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-099"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-115"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-116"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-125"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-179"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-13T12:16:11.658+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3447",
      "initial_release_date": "2024-11-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.4.3",
                  "product_id": "T039035"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.4.3",
                  "product_id": "T039035-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.6",
                  "product_id": "T039036"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.6",
                  "product_id": "T039036-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.2.6",
                  "product_id": "T039038"
                }
              },
              {
                "category": "product_version",
                "name": "7.2.6",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.2.6",
                  "product_id": "T039038-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.13",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c7.0.13",
                  "product_id": "T039039"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.13",
                "product": {
                  "name": "Fortinet FortiAnalyzer 7.0.13",
                  "product_id": "T039039-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:7.0.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15",
                "product": {
                  "name": "Fortinet FortiAnalyzer \u003c6.4.15",
                  "product_id": "T039040"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15",
                "product": {
                  "name": "Fortinet FortiAnalyzer 6.4.15",
                  "product_id": "T039040-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:6.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.4.1",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.4.1",
                  "product_id": "T039041"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.4.1",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.4.1",
                  "product_id": "T039041-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.7",
                  "product_id": "T039042"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.7",
                  "product_id": "T039042-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "BigData \u003c7.2.8",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData \u003c7.2.8",
                  "product_id": "T039046"
                }
              },
              {
                "category": "product_version",
                "name": "BigData 7.2.8",
                "product": {
                  "name": "Fortinet FortiAnalyzer BigData 7.2.8",
                  "product_id": "T039046-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud \u003c7.4.3",
                  "product_id": "T039047"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.4.3",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud 7.4.3",
                  "product_id": "T039047-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud \u003c7.2.7",
                  "product_id": "T039048"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.2.7",
                "product": {
                  "name": "Fortinet FortiAnalyzer Cloud 7.2.7",
                  "product_id": "T039048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiAnalyzer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.4.3",
                  "product_id": "T039037"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.3",
                "product": {
                  "name": "Fortinet FortiManager 7.4.3",
                  "product_id": "T039037-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.2.6",
                  "product_id": "T039043"
                }
              },
              {
                "category": "product_version",
                "name": "7.2.6",
                "product": {
                  "name": "Fortinet FortiManager 7.2.6",
                  "product_id": "T039043-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.13",
                "product": {
                  "name": "Fortinet FortiManager \u003c7.0.13",
                  "product_id": "T039044"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.13",
                "product": {
                  "name": "Fortinet FortiManager 7.0.13",
                  "product_id": "T039044-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:7.0.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15",
                "product": {
                  "name": "Fortinet FortiManager \u003c6.4.15",
                  "product_id": "T039045"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15",
                "product": {
                  "name": "Fortinet FortiManager 6.4.15",
                  "product_id": "T039045-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:6.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiManager Cloud \u003c7.4.3",
                  "product_id": "T039049"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.4.3",
                "product": {
                  "name": "Fortinet FortiManager Cloud 7.4.3",
                  "product_id": "T039049-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:cloud__7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cloud \u003c7.2.6",
                "product": {
                  "name": "Fortinet FortiManager Cloud \u003c7.2.6",
                  "product_id": "T039050"
                }
              },
              {
                "category": "product_version",
                "name": "Cloud 7.2.6",
                "product": {
                  "name": "Fortinet FortiManager Cloud 7.2.6",
                  "product_id": "T039050-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:cloud__7.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiManager"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44255",
      "notes": [
        {
          "category": "description",
          "text": "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitsl\u00fccke ist auf eine fehlerhafte Zugriffskontrolle zur\u00fcckzuf\u00fchren, die zur Offenlegung personenbezogener Daten f\u00fchrt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039046",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2023-44255"
    },
    {
      "cve": "CVE-2024-23666",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erh\u00f6hte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuf\u00fchren, indem er speziell gestaltete Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-23666"
    },
    {
      "cve": "CVE-2024-31496",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle \u00fcber die CLI beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-31496"
    },
    {
      "cve": "CVE-2024-32116",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu l\u00f6schen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32116"
    },
    {
      "cve": "CVE-2024-32118",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgem\u00e4\u00dfe Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem f\u00fchrt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er bestimmte CLI-Anfragen erstellt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32118"
    },
    {
      "cve": "CVE-2024-33505",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Puffer\u00fcberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erh\u00f6hte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschr\u00e4nkten Privilegien auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039045",
          "T039044",
          "T039050",
          "T039040",
          "T039039",
          "T039047",
          "T039035",
          "T039038",
          "T039049",
          "T039037",
          "T039048"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-33505"
    },
    {
      "cve": "CVE-2024-35274",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitsl\u00fccke besteht aufgrund einer fehlerhaften Dateipfadbeschr\u00e4nkung, die eingeschr\u00e4nkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um \u00fcber manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039046",
          "T039035",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-35274"
    },
    {
      "cve": "CVE-2024-32117",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zur\u00fcckzuf\u00fchren, das dazu f\u00fchrt, dass Einschr\u00e4nkungen f\u00fcr Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039043",
          "T039042",
          "T039045",
          "T039044",
          "T039041",
          "T039040",
          "T039039",
          "T039036",
          "T039035",
          "T039046",
          "T039038",
          "T039037"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-32117"
    }
  ]
}

ghsa-cmm4-x589-xjmx

Vulnerability from github

Published

2024-11-12 21:30

Modified

2024-11-12 21:30

Severity ?

4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-44255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-359"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T19:15:06Z",
    "severity": "MODERATE"
  },
  "details": "An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.",
  "id": "GHSA-cmm4-x589-xjmx",
  "modified": "2024-11-12T21:30:51Z",
  "published": "2024-11-12T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44255"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-44255

Vulnerability from fkie_nvd

Published

2024-11-12 19:15

Modified

2025-01-21 22:02

Severity ?

4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Summary

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-23-267	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortianalyzer	*
fortinet	fortianalyzer_big_data	*
fortinet	fortimanager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "452AE920-49A0-4A7C-840C-4AD5510B7AF2",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6624F8AB-9A5E-43DD-8430-900D3946130F",
              "versionEndExcluding": "7.2.6",
              "versionStartIncluding": "6.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F7A7D1-A7E0-429D-B4F8-BD64A6E2497F",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests."
    },
    {
      "lang": "es",
      "value": "Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado [CWE-200] en Fortinet FortiManager anterior a 7.4.2, FortiAnalyzer anterior a 7.4.2 y FortiAnalyzer-BigData anterior a 7.2.5 puede permitir que un atacante privilegiado con permisos de lectura administrativos lea registros de eventos de otro adom a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."
    }
  ],
  "id": "CVE-2023-44255",
  "lastModified": "2025-01-21T22:02:45.480",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-12T19:15:06.850",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-359"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-44255

Vulnerability from cvelistv5

gsd-2023-44255

Vulnerability from gsd

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

ghsa-cmm4-x589-xjmx

Vulnerability from github

fkie_cve-2023-44255

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature