Vulnerabilities > CVE-2023-26205 - Unspecified vulnerability in Fortinet Fortiadc

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fortinet

NVD

Published: 2023-11-14

Updated: 2024-11-21

Summary

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiadc 6.1.0 Fortinet Fortiadc 6.1.1 Fortinet Fortiadc 6.1.2 Fortinet Fortiadc 6.1.3 Fortinet Fortiadc 6.1.4 Fortinet Fortiadc 6.1.5 Fortinet Fortiadc 6.1.6 Fortinet Fortiadc 7.1.0 Fortinet Fortiadc 6.2.0 Fortinet Fortiadc 6.2.1 Fortinet Fortiadc 6.2.2 Fortinet Fortiadc 6.2.3 Fortinet Fortiadc 6.2.4 Fortinet Fortiadc 6.2.5 Fortinet Fortiadc 6.2.6 Fortinet Fortiadc 7.0.0 Fortinet Fortiadc 7.0.1 Fortinet Fortiadc 7.0.2 Fortinet Fortiadc 7.0.3 Fortinet Fortiadc 7.0.4 Fortinet Fortiadc 7.0.5 Fortinet Fortiadc 7.1.1 Fortinet Fortiadc 7.1.2	26

Summary

Vulnerable Configurations

References