admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/25xxx/CVE-2023-25609.json
CVE Team ff0a184a3d
"-Synchronized-Data."
2023-06-13 09:00:43 +00:00

121 lines
4.9 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-25609",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery (SSRF) vulnerability\u00a0[CWE-918] in\u00a0FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.8",
"version_value": "6.4.11"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.8",
"version_value": "6.4.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-493",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-493"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink