fkie_nvd - fkie_cve-2023-44252

fkie_cve-2023-44252

Vulnerability from fkie_nvd

Published

2023-12-13 09:15

Modified

2024-11-21 08:25

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-23-061	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-23-061	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiwan	5.1.1
fortinet	fortiwan	5.1.2
fortinet	fortiwan	5.2.0
fortinet	fortiwan	5.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C010221E-9BAF-41DC-B352-5941D38C8FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7944DB8-76F2-40B9-97E2-D14A1EBF6286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8034DF-A33B-4B49-9448-6AD1DFAB27D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values."
    },
    {
      "lang": "es",
      "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad de autenticaci\u00f3n incorrecta [CWE-287] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1 a 5.1.2 puede permitir que un atacante autenticado escale sus privilegios a trav\u00e9s de solicitudes HTTP o HTTPs con valores de token JWT manipulados."
    }
  ],
  "id": "CVE-2023-44252",
  "lastModified": "2024-11-21T08:25:31.487",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-13T09:15:34.473",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-061"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

CVE-2023-44252 (GCVE-0-2023-44252)

Vulnerability from cvelistv5

Published

2023-12-13 08:52

Modified

2024-08-02 19:59

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RC:C

CWE

CWE-287 - Improper access control

Summary

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-061