CVE-2023-41679: Fortiguard

An improper access control vulnerability [CWE-284] in the FortiManager management interface, affecting 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, all 6.2 versions and all 6.0 versions, may allow a remote, authenticated attacker who holds at least the "device management" permission in their profile and belongs to a specific ADOM to add and delete CLI scripts in other ADOMs.


**PSIRT Advisories**

FortiManager - Improper inter-ADOM access control

Summary

An improper access control vulnerability [CWE-284] in the FortiManager management interface may allow a remote, authenticated attacker who holds at least the "device management" permission in their profile and belongs to a specific ADOM to add and delete CLI scripts in other ADOMs.
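The flaw class the summary describes is an authorization check that verifies a permission bit but not the tenancy boundary (here, the ADOM) of the object being acted on. The following is an added illustration of that pattern and its fix, written for this page; it is not FortiManager code and does not reflect how FortiManager implements ADOMs. The `User`, `ScriptStore`, `authorize_*` names, the `"device_management"` permission string and the ADOM names are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed model for illustration, not FortiManager code. All names here
# (User, ScriptStore, "device_management", the ADOM names) are assumptions.


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset   # profile permission bits, e.g. "device_management"
    adoms: frozenset         # ADOMs this user's profile is assigned to


@dataclass
class ScriptStore:
    # Maps ADOM name -> set of CLI script names (sample state constructed in demo()).
    scripts: dict = field(default_factory=dict)

    def add(self, adom, name):
        self.scripts.setdefault(adom, set()).add(name)

    def delete(self, adom, name):
        self.scripts.get(adom, set()).discard(name)


def authorize_permission_only(user, adom):
    """Vulnerable pattern (CWE-284): checks the permission bit but never asks
    whether the target ADOM is one the caller belongs to."""
    if "device_management" not in user.permissions:
        raise PermissionError(f"{user.name}: missing device_management permission")


def authorize_permission_and_scope(user, adom):
    """Hardened pattern: the permission check *and* a scope check on the
    target object's ADOM. Both must pass before any script is touched."""
    authorize_permission_only(user, adom)
    if adom not in user.adoms:
        raise PermissionError(f"{user.name}: not assigned to ADOM {adom!r}")


def add_script(store, user, adom, name, authorize):
    authorize(user, adom)
    store.add(adom, name)
    return True


def delete_script(store, user, adom, name, authorize):
    authorize(user, adom)
    store.delete(adom, name)
    return True


def attempt(fn, *args):
    """Run one operation and report 'allowed' or 'denied' for comparison."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    # Constructed sample state: two ADOMs and one operator bound only to "branch-east".
    store = ScriptStore({"root": {"baseline-hardening"}, "branch-east": set()})
    operator = User("operator", frozenset({"device_management"}), frozenset({"branch-east"}))
    return {
        # Permission-only check: the operator can write into and delete from an ADOM they are not in.
        "vulnerable_cross_adom_add": attempt(add_script, store, operator, "root", "rogue", authorize_permission_only),
        "vulnerable_cross_adom_delete": attempt(delete_script, store, operator, "root", "baseline-hardening", authorize_permission_only),
        # Permission-plus-scope check: cross-ADOM writes are refused, in-scope writes still work.
        "fixed_cross_adom_add": attempt(add_script, store, operator, "root", "rogue2", authorize_permission_and_scope),
        "fixed_own_adom_add": attempt(add_script, store, operator, "branch-east", "local", authorize_permission_and_scope),
        "root_scripts_after": sorted(store.scripts["root"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the hardened check is that the scope test runs against the object's ADOM, not against whatever ADOM the caller is currently viewing; an authorization layer that derives scope from the request context rather than the target object reproduces the same class of bug.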

Affected Products

FortiManager version 7.2.0 through 7.2.2
FortiManager version 7.0.0 through 7.0.7
FortiManager version 6.4.0 through 6.4.11
FortiManager 6.2 all versions
FortiManager 6.0 all versions

Solutions

Please upgrade to FortiManager version 7.4.0 or above
Please upgrade to FortiManager version 7.2.3 or above
Please upgrade to FortiManager version 7.0.8 or above
Please upgrade to FortiManager version 6.4.12 or above

Acknowledgement

Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.

Timeline

2023-09-15: Initial publication
