CVE-2023-46717 - Vulnerability Details - OpenCVE

An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00175.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet Subscribe	Fortios Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-50901	An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.

Fixes

Solution

Please upgrade to FortiOS 7.4.2 or above Please upgrade to FortiOS 7.2.7 or above Please upgrade to ForitOS 7.0.13 or above Workaround- Disable push notifications for FortiAuthenticator: For RADIUS Authentication (From FortiAuthenticator)- ## RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > ## Allow FortiToken Mobile push notifications (*disable)*

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-424

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-03-12T15:09:19.790Z

Updated: 2024-08-02T20:53:21.214Z

Reserved: 2023-10-25T08:43:15.290Z

Link: CVE-2023-46717

Vulnrichment

Updated: 2024-08-02T20:53:21.214Z

NVD

Status : Modified

Published: 2024-03-12T15:15:46.487

Modified: 2024-11-21T08:29:08.597

Link: CVE-2023-46717

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46717", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-10-25T08:43:15.290Z", "datePublished": "2024-03-12T15:09:19.790Z", "dateUpdated": "2024-08-02T20:53:21.214Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.6", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-03-12T15:09:19.790Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-287", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS 7.4.2 or above\nPlease upgrade to FortiOS 7.2.7 or above\nPlease upgrade to ForitOS 7.0.13 or above\n\r\n\r\nWorkaround- Disable push notifications for FortiAuthenticator:\n\r\n\r\nFor RADIUS Authentication (From FortiAuthenticator)- ## RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > \n## Allow FortiToken Mobile push notifications \n(*disable)*\n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-424", "url": "https://fortiguard.com/psirt/FG-IR-23-424"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.12", "versionType": "custom"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.6", "versionType": "custom"}, {"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T18:16:24.708690Z", "id": "CVE-2023-46717", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:16:30.729Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.214Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-424", "url": "https://fortiguard.com/psirt/FG-IR-23-424", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-424", "name": "https://fortiguard.com/psirt/FG-IR-23-424", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.214Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-12T18:16:24.708690Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortios", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.12"}, {"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.6"}, {"status": "affected", "version": "7.4.0", "versionType": "custom", "lessThanOrEqual": "7.4.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:14:49.209Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.6"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.12"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS 7.4.2 or above\nPlease upgrade to FortiOS 7.2.7 or above\nPlease upgrade to ForitOS 7.0.13 or above\n\r\n\r\nWorkaround- Disable push notifications for FortiAuthenticator:\n\r\n\r\nFor RADIUS Authentication (From FortiAuthenticator)- ## RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > \n## Allow FortiToken Mobile push notifications \n(*disable)*\n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-424", "name": "https://fortiguard.com/psirt/FG-IR-23-424"}], "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-03-12T15:09:19.790Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46717", "state": "PUBLISHED", "dateUpdated": "2024-08-02T20:53:21.214Z", "dateReserved": "2023-10-25T08:43:15.290Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-03-12T15:09:19.790Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D25F9C04-C7FD-4B1F-A194-CA69E5DE903C", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta [CWE-287] en las versiones 7.4.1 y anteriores de FortiOS, las versiones 7.2.6 y siguientes y las versiones 7.0.12 y siguientes cuando se configura con FortiAuthenticator en HA puede permitir que un usuario de solo lectura obtenga acceso de lectura y escritura a trav\u00e9s de intentos sucesivos de inicio de sesi\u00f3n."}], "id": "CVE-2023-46717", "lastModified": "2024-11-21T08:29:08.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-12T15:15:46.487", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-424"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}