VDB

CVE-2023-25603

CVE-2023-25603 PUBLISHED CVSS 5.400000095367432 MEDIUM

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

EPSS 0.20% · 41.9th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X
EPSS Score
0.20%
41.9th percentile

Affected Products

VendorProductVersions
FortinetFortiADC7.1.0, 6.1.0, 6.2.0
fortinetfortiadc7.1.1, 7.1.0, 7.1.1
fortinetfortiddos-f6.4.1, 6.4.0, 6.3.0
FortinetFortiDDoS-F6.3.0, 6.4.0

Timeline

  • Nov 14, 2023 CVE Published
  • Nov 15, 2023 EPSS Score
  • Dec 15, 2023 EPSS Score
  • Jan 14, 2024 EPSS Score
  • Feb 14, 2024 EPSS Score
  • Mar 15, 2024 EPSS Score
  • Apr 14, 2024 EPSS Score
  • May 14, 2024 EPSS Score
  • Jun 14, 2024 EPSS Score
  • Jul 14, 2024 EPSS Score
  • Aug 13, 2024 EPSS Score
  • Aug 30, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›