Headline
CVE-2023-33301: Fortiguard
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non-trusted host.
**PSIRT Advisories**
FortiOS - REST API trusted host bypass
Summary
An improper access control vulnerability [CWE-284] in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non-trusted host.
Affected Products
FortiOS version 7.4.0
FortiOS version 7.2.0 through 7.2.4
Solutions
Please upgrade to FortiOS version 7.4.1 or above
Please upgrade to FortiOS version 7.2.5 or above
Acknowledgement
Internally discovered and reported by Justin Lum of the FortiOS development team.
Timeline
2023-10-10: Initial publication