VDB
CVE-2023-44255
CVE-2023-44255
PUBLISHED
In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitslücke ist auf eine fehlerhafte Zugriffskontrolle zurückzuführen, die zur Offenlegung personenbezogener Daten führt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt.
EPSS 0.14% · 34.7th percentile
Risk Scores
EPSS Score
0.14%
34.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiManager <6.4.15 | |
| Fortinet | Fortinet FortiAnalyzer BigData <7.4.1 | |
| Fortinet | Fortinet FortiAnalyzer <7.4.3 | |
| Fortinet | Fortinet FortiAnalyzer BigData <7.2.8 | |
| Fortinet | Fortinet FortiAnalyzer <7.2.6 | |
| Fortinet | Fortinet FortiManager <7.4.3 | |
| Fortinet | Fortinet FortiAnalyzer <7.0.13 | |
| Fortinet | Fortinet FortiAnalyzer BigData <7.2.7 | |
| Fortinet | Fortinet FortiManager <7.0.13 | |
| Fortinet | Fortinet FortiAnalyzer BigData <7.2.6 | |
| Fortinet | Fortinet FortiManager <7.2.6 | |
| Fortinet | Fortinet FortiAnalyzer <6.4.15 |
Exploit Intelligence
- CIRCL seen: CVE-2023-44255 (circl-sighting)
- CIRCL seen: CVE-2023-44255 (circl-sighting)
- https://fortiguard.fortinet.com/psirt/FG-IR-23-267 (circl)
Timeline
- Nov 12, 2024 CVE Published
- Nov 12, 2024 PoC Published
- Nov 13, 2024 EPSS Score
- Nov 13, 2024 PoC Published
- Nov 13, 2024 CVE Updated
- Dec 2, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Feb 10, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-267 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-396 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-098 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-099 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-115 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-116 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-125 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-179 advisory