CVE-2023-44253

Published Feb 15, 2024

Last updated 8 months ago

CVSS medium 5.0

Overview

Description: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5
Impact score: 1.4
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
psirt@fortinet.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240",
            "versionEndIncluding": "6.2.12",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC08BD1-2008-4B3B-8594-A28F8DB9DC8C",
            "versionEndIncluding": "6.4.14",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF3BCBBD-C706-4B2E-A01B-C1205EE28155",
            "versionEndIncluding": "7.0.11",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D",
            "versionEndIncluding": "7.2.3",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "838EB502-C11B-4ED6-9CF2-D067048F3A59"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26",
            "versionEndIncluding": "6.2.12",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E862237-362D-400A-A81E-305CDBD1077A",
            "versionEndIncluding": "6.4.14",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13D172A0-5DB2-4A3E-A984-BB57D39AEE36",
            "versionEndIncluding": "7.0.11",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19",
            "versionEndIncluding": "7.2.3",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF7F0AC2-9F06-4961-9671-B44B5B8EB701"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References