CVE-2023-44256 - OpenCVE

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortianalyzer Fortimanager

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer:7.4.0:::::::*
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager:7.4.0:::::::*

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-19-039
https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-10-20T09:04:52.906Z

Updated: 2024-09-12T14:30:39.261Z

Reserved: 2023-09-27T12:26:48.751Z

Link: CVE-2023-44256

Vulnrichment

Updated: 2024-08-02T19:59:51.976Z

NVD

Status : Modified

Published: 2023-10-20T10:15:12.870

Modified: 2023-11-07T04:21:34.997

Link: CVE-2023-44256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44256", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-09-27T12:26:48.751Z", "datePublished": "2023-10-20T09:04:52.906Z", "dateUpdated": "2024-09-12T14:30:39.261Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.2", "lessThanOrEqual": "7.0.8", "status": "affected"}, {"versionType": "semver", "version": "6.4.8", "lessThanOrEqual": "6.4.13", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-10-20T09:04:52.906Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above "}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039"}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.976Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039", "tags": ["x_transferred"]}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fortinet", "product": "fortianalyzer", "cpes": ["cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "custom"}, {"version": "7.0.2", "status": "affected", "lessThanOrEqual": "7.0.8", "versionType": "custom"}, {"version": "6.4.8", "status": "affected", "lessThanOrEqual": "6.4.13", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortimanager", "cpes": ["cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "custom"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T14:18:34.268176Z", "id": "CVE-2023-44256", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:30:39.261Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44256", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-09-27T12:26:48.751Z", "datePublished": "2023-10-20T09:04:52.906Z", "dateUpdated": "2024-09-12T14:30:39.261Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.2", "lessThanOrEqual": "7.0.8", "status": "affected"}, {"versionType": "semver", "version": "6.4.8", "lessThanOrEqual": "6.4.13", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-10-20T09:04:52.906Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above "}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039"}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.976Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-19-039", "url": "https://fortiguard.com/psirt/FG-IR-19-039", "tags": ["x_transferred"]}, {"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44256", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-12T14:18:34.268176Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortianalyzer", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.2", "versionType": "custom", "lessThanOrEqual": "7.0.8"}, {"status": "affected", "version": "6.4.8", "versionType": "custom", "lessThanOrEqual": "6.4.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortimanager", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:30:33.595Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9BAF9ED-0E72-448F-BA35-A07541B900F2", "versionEndIncluding": "6.4.13", "versionStartIncluding": "6.4.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1650789-366E-4CA3-814E-DC68B9F318DE", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AEFC8D4-6358-4A81-BCF3-D162871F59F1", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."}, {"lang": "es", "value": "Una vulnerabilidad de server-side request forgery [CWE-918] en Fortinet FortiAnalyzer versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3 y anteriores a 7.0.8 y FortiManager versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3 y anteriores 7.0.8 permite a un atacante remoto con privilegios bajos ver datos confidenciales de servidores internos o realizar un escaneo de puerto local a trav\u00e9s de una solicitud HTTP manipulada."}], "id": "CVE-2023-44256", "lastModified": "2023-11-07T04:21:34.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2023-10-20T10:15:12.870", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-039"}, {"source": "psirt@fortinet.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}