CVE-2023-26205 - Vulnerability Details - OpenCVE

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00203.

Exploitation None

Automatable No

Technical Impact Total

Vendors	Products
Fortinet	Fortiadc

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc:7.1.0:::::::*
	cpe:2.3:a:fortinet:fortiadc:7.1.1:::::::*
	cpe:2.3:a:fortinet:fortiadc:7.1.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-30030	An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

Fixes

Solution

Please upgrade to FortiADC version 7.2.0 or above Please upgrade to FortiADC version 7.1.3 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-22-292

History

Wed, 23 Oct 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'No', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-11-14T18:05:48.807Z

Updated: 2024-10-22T20:52:47.757Z

Reserved: 2023-02-20T15:09:20.635Z

Link: CVE-2023-26205

Vulnrichment

Updated: 2024-08-02T11:39:06.659Z

NVD

Status : Modified

Published: 2023-11-14T18:15:28.260

Modified: 2024-11-21T07:50:54.743

Link: CVE-2023-26205

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26205", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-02-20T15:09:20.635Z", "datePublished": "2023-11-14T18:05:48.807Z", "dateUpdated": "2024-10-22T20:52:47.757Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiADC", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.1.0", "lessThanOrEqual": "7.1.2", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.6", "status": "affected"}, {"versionType": "semver", "version": "6.1.0", "lessThanOrEqual": "6.1.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability\u00a0[CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated\u00a0low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:05:48.807Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.2.0 or above \nPlease upgrade to FortiADC version 7.1.3 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-292", "url": "https://fortiguard.com/psirt/FG-IR-22-292"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.659Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-292", "url": "https://fortiguard.com/psirt/FG-IR-22-292", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:52:25.980870Z", "id": "CVE-2023-26205", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:52:47.757Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-292", "name": "https://fortiguard.com/psirt/FG-IR-22-292", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.659Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-26205", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-10-22T20:52:25.980870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:52:41.537Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:F/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiADC", "versions": [{"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.2"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.6"}, {"status": "affected", "version": "6.1.0", "versionType": "semver", "lessThanOrEqual": "6.1.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.2.0 or above \nPlease upgrade to FortiADC version 7.1.3 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-292", "name": "https://fortiguard.com/psirt/FG-IR-22-292"}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability\u00a0[CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated\u00a0low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:05:48.807Z"}}}, "cveMetadata": {"cveId": "CVE-2023-26205", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:52:47.757Z", "dateReserved": "2023-02-20T15:09:20.635Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-11-14T18:05:48.807Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786", "versionEndIncluding": "6.1.6", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4", "versionEndIncluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "302D8FF0-69B6-451A-9B5B-E28B2FAA30D8", "versionEndIncluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "933701AE-43E3-4260-973B-4EA09C375965", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F3029D7-4C37-4468-9CCD-45C7259EFF2C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability\u00a0[CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated\u00a0low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en la funci\u00f3n de automatizaci\u00f3n FortiADC 7.1.0 a 7.1.2, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones puede permitir que un atacante autenticado con pocos privilegios escale sus privilegios a super_admin a trav\u00e9s de una configuraci\u00f3n manipulada del script CLI de automatizaci\u00f3n de fabric."}], "id": "CVE-2023-26205", "lastModified": "2024-11-21T07:50:54.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T18:15:28.260", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-292"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}