CVE-2023-25609

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

Published: Jun 13, 2023
Updated: Jun 18, 2023
CVE: CVE-2023-25609
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
fortinet / fortimanager	7.2.0	7.2.0.x
fortinet / fortianalyzer	7.2.0	7.2.0.x
fortinet / fortianalyzer	7.2.1	7.2.1.x
fortinet / fortimanager	7.2.1	7.2.1.x
fortinet / fortimanager	6.4.8	6.4.11.x
fortinet / fortimanager	7.0.0	7.0.6.x
fortinet / fortianalyzer	6.4.8	6.4.11.x
fortinet / fortianalyzer	7.0.0	7.0.6.x

https://fortiguard.com/psirt/FG-IR-22-493

Vulnerability Database

289,784

CVE-2023-25609