CVE-2023-41673 — Vulnetix

CVE-2023-41673 PUBLISHED CVSS 6.900000095367432 MEDIUM

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

EPSS 0.16% · 36.7th percentile

Risk Scores

CVSS 3.1

6.900000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:X/RC:C

EPSS Score

0.16%

36.7th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortiadc	7.4.0, 6.1.0, 6.2.0
Fortinet	FortiADC	7.2.0, 7.1.0, 7.0.0

Exploit Intelligence

CIRCL seen: CVE-2023-41673 (circl-sighting)
https://fortiguard.com/psirt/FG-IR-23-270 (circl)

Timeline

Dec 13, 2023 CVE Published
Dec 13, 2023 EPSS Score
Dec 13, 2023 PoC Published
Jan 11, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 8, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 6, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Aug 3, 2024 EPSS Score
Sep 1, 2024 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-23-138 advisory
https://www.fortiguard.com/psirt/FG-IR-23-270 advisory
https://www.fortiguard.com/psirt/FG-IR-23-214 advisory
https://www.fortiguard.com/psirt/FG-IR-23-196 advisory
https://www.fortiguard.com/psirt/FG-IR-23-360 advisory
https://www.fortiguard.com/psirt/FG-IR-23-439 advisory
https://www.fortiguard.com/psirt/FG-IR-23-425 advisory
https://www.fortiguard.com/psirt/FG-IR-22-038 advisory
https://www.fortiguard.com/psirt/FG-IR-23-256 advisory
https://www.fortiguard.com/psirt/FG-IR-22-345 advisory
https://www.fortiguard.com/psirt/FG-IR-23-432 advisory
https://www.fortiguard.com/psirt/FG-IR-23-450 advisory
https://fortiguard.com/psirt/FG-IR-23-270 url
https://nvd.nist.gov/vuln/detail/CVE-2023-41673 advisory

Open in Interactive Console →