CVE-2023-41841: FortiGuard
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
PSIRT Advisories
FortiOS - Improper authorization via prof-admin profile
Summary
An improper authorization vulnerability [CWE-285] in FortiOS’s WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions.
| Major Version | Affected Products | Solutions |
|---|---|---|
| FortiOS 7.4 | Not affected | Upgrade to 7.4.0 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.11 | Upgrade to 7.0.12 or above |
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
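As an added example (not Fortinet's code), a small Python triage helper that applies the affected-version ranges from the table above to an inventory of FortiOS versions and reports the advisory's upgrade target; the host names and versions in the sample inventory are constructed.

```python
from typing import NamedTuple, Optional

# Inclusive affected ranges and fix versions, copied from the advisory table.
AFFECTED_RANGES = {
    "7.0": ((7, 0, 0), (7, 0, 11), "7.0.12"),
    "7.2": ((7, 2, 0), (7, 2, 4), "7.2.5"),
}
NOT_AFFECTED_BRANCHES = {"7.4"}  # listed as "Not affected" in the advisory


class Verdict(NamedTuple):
    version: str
    affected: Optional[bool]  # None = branch not covered by this advisory
    fix: Optional[str]        # upgrade target from the advisory, if affected
    note: str


def parse_version(text: str) -> tuple:
    """Turn '7.2.4' or 'v7.2.4' into (7, 2, 4) so ranges compare numerically."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def check_version(text: str) -> Verdict:
    """Map one FortiOS version string to a CVE-2023-41841 verdict."""
    version = parse_version(text)
    branch = f"{version[0]}.{version[1]}"
    if branch in AFFECTED_RANGES:
        low, high, fix = AFFECTED_RANGES[branch]
        if low <= version <= high:
            return Verdict(text, True, fix, f"affected; upgrade to {fix} or above")
        return Verdict(text, False, None, "fixed release of an affected branch")
    if branch in NOT_AFFECTED_BRANCHES:
        return Verdict(text, False, None, "branch listed as not affected")
    return Verdict(text, None, None, "branch not covered by this advisory; verify separately")


def triage(inventory):
    """Return (host, Verdict) pairs for every inventory entry that is affected."""
    verdicts = [(host, check_version(ver)) for host, ver in inventory]
    return [(host, v) for host, v in verdicts if v.affected]


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = [("fw-edge-1", "7.0.11"), ("fw-edge-2", "7.2.5"),
              ("fw-lab", "v7.2.0"), ("fw-dc", "7.4.0"), ("fw-old", "6.4.14")]
    for host, verdict in triage(sample):
        print(f"{host}: {verdict.version} {verdict.note}")
```

Versions whose branch is not in the table come back with `affected=None` rather than a silent "not affected", so they are not dropped from a triage list by mistake.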
Acknowledgement
Internally discovered and reported by Fortinet QA team.
Timeline
2023-09-15: Initial publication