CVE-2023-50180 - Vulnerability Details - OpenCVE

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00143.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortiadc

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc:7.4.0:::::::*
	cpe:2.3:a:fortinet:fortiadc:7.4.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-55002	An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.

Fixes

Solution

Please upgrade to FortiADC version 7.4.2 or above Please upgrade to FortiADC version 7.2.4 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-433

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:13.773Z

Updated: 2024-08-02T22:09:49.697Z

Reserved: 2023-12-05T13:18:34.865Z

Link: CVE-2023-50180

Vulnrichment

Updated: 2024-08-02T22:09:49.697Z

NVD

Status : Modified

Published: 2024-05-14T17:15:27.317

Modified: 2024-11-21T08:36:36.837

Link: CVE-2023-50180

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50180", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-12-05T13:18:34.865Z", "datePublished": "2024-05-14T16:19:13.773Z", "dateUpdated": "2024-08-02T22:09:49.697Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiADC", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.1.0", "lessThanOrEqual": "7.1.4", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:13.773Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-497", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.4.2 or above \nPlease upgrade to FortiADC version 7.2.4 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-433", "url": "https://fortiguard.com/psirt/FG-IR-23-433"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortiadc", "cpes": ["cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.2.0", "status": "affected", "lessThanOrEqual": "6.2.6", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortiadc", "cpes": ["cpe:2.3:a:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.5", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortiadc", "cpes": ["cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.1.0", "status": "affected", "lessThanOrEqual": "7.1.4", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortiadc", "cpes": ["cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortiadc", "cpes": ["cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T19:32:32.629359Z", "id": "CVE-2023-50180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T12:56:49.965Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.697Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-433", "url": "https://fortiguard.com/psirt/FG-IR-23-433", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-433", "name": "https://fortiguard.com/psirt/FG-IR-23-433", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.697Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T19:32:32.629359Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiadc", "versions": [{"status": "affected", "version": "6.2.0", "versionType": "custom", "lessThanOrEqual": "6.2.6"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiadc", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.5"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiadc", "versions": [{"status": "affected", "version": "7.1.0", "versionType": "custom", "lessThanOrEqual": "7.1.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiadc", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiadc", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "custom", "lessThanOrEqual": "7.4.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:36:15.601Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiADC", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.4"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.4.2 or above \nPlease upgrade to FortiADC version 7.2.4 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-433", "name": "https://fortiguard.com/psirt/FG-IR-23-433"}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:13.773Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50180", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:09:49.697Z", "dateReserved": "2023-12-05T13:18:34.865Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-05-14T16:19:13.773Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "971BE53E-8213-4B4E-B76F-4B446772EC4A", "versionEndIncluding": "6.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "302D8FF0-69B6-451A-9B5B-E28B2FAA30D8", "versionEndIncluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3CACC8D-C349-4BA9-9900-02A7CEA61FF3", "versionEndIncluding": "7.1.4", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "03EA09FD-30DE-4106-96D8-78949E335634", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C624CB5-F745-4781-839A-B397EC97590B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B6FB3F3-79CB-4C0B-99D9-078CEFCF7E6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n confidencial del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiADC versi\u00f3n 7.4.1 e inferior, versi\u00f3n 7.2.3 e inferior, versi\u00f3n 7.1.4 e inferior, versi\u00f3n 7.0.5 e inferior, versi\u00f3n 6.2. 6 y siguientes pueden permitir que un administrador de solo lectura vea datos pertenecientes a otros administradores."}], "id": "CVE-2023-50180", "lastModified": "2024-11-21T08:36:36.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T17:15:27.317", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-433"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-433"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}