{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44256", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-09-27T12:26:48.751Z", "datePublished": "2023-10-20T09:04:52.906Z", "dateUpdated": "2024-09-12T14:30:39.261Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.2", "lessThanOrEqual": "7.0.8", "status": "affected"}, {"versionType": "semver", "version": "6.4.8", "lessThanOrEqual": "6.4.13", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-10-20T09:04:52.906Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", 
"baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above. Please upgrade to FortiAnalyzer version 7.2.4 or above. Please upgrade to FortiAnalyzer version 7.0.9 or above. Please upgrade to FortiManager version 7.4.1 or above. Please upgrade to FortiManager version 7.2.4 or above. Please upgrade to FortiManager version 7.0.9 or above."}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039"}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.976Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039", "tags": ["x_transferred"]}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fortinet", "product": "fortianalyzer", "cpes": ["cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "custom"}, {"version": "7.0.2", "status": "affected", "lessThanOrEqual": "7.0.8", "versionType": "custom"}, {"version": "6.4.8", "status": "affected", "lessThanOrEqual": "6.4.13", 
"versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortimanager", "cpes": ["cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "custom"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T14:18:34.268176Z", "id": "CVE-2023-44256", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:30:39.261Z"}}]}}