Vulnerabilities > CVE-2023-44256 - Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

CWE-918

NVD

Published: 2023-10-20

Updated: 2023-11-07

Summary

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortianalyzer 7.4.0 Fortinet Fortianalyzer 7.2.0 Fortinet Fortianalyzer 7.2.1 Fortinet Fortianalyzer 7.2.2 Fortinet Fortianalyzer 7.0.2 Fortinet Fortianalyzer 7.0.3 Fortinet Fortianalyzer 7.0.4 Fortinet Fortianalyzer 7.0.5 Fortinet Fortianalyzer 7.0.6 Fortinet Fortianalyzer 7.0.7 Fortinet Fortianalyzer 7.0.8 Fortinet Fortianalyzer 6.4.8 Fortinet Fortianalyzer 6.4.9 Fortinet Fortianalyzer 6.4.10 Fortinet Fortianalyzer 6.4.11 Fortinet Fortianalyzer 6.4.12 Fortinet Fortianalyzer 6.4.13 Fortinet Fortimanager 7.4.0 Fortinet Fortimanager 7.2.0 Fortinet Fortimanager 7.2.1 Fortinet Fortimanager 7.2.2 Fortinet Fortimanager 7.2.3 Fortinet Fortimanager 7.0.0 Fortinet Fortimanager 7.0.1 Fortinet Fortimanager 7.0.2 Fortinet Fortimanager 7.0.3 Fortinet Fortimanager 7.0.4 Fortinet Fortimanager 7.0.5 Fortinet Fortimanager 7.0.6 Fortinet Fortimanager 7.0.7	30

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References