FortiManager/Analyzer Sensitive Info Disclosure CWE-200 before 7.4.2/7.2.5
CVE-2023-44255 Published on November 12, 2024
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
Vulnerability Analysis
CVE-2023-44255 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is a Privacy violation Vulnerability?
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CVE-2023-44255 has been classified to as a Privacy violation vulnerability or weakness.
Products Associated with CVE-2023-44255
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-44255 are published in these products:
Affected Versions
Fortinet FortiManager:- Version 7.4.0, <= 7.4.2 is affected.
- Version 7.2.0, <= 7.2.5 is affected.
- Version 7.0.0, <= 7.0.13 is affected.
- Version 6.4.0, <= 6.4.15 is affected.
- Version 6.2.0, <= 6.2.13 is affected.
- Version 7.4.0, <= 7.4.2 is affected.
- Version 7.2.0, <= 7.2.3 is affected.
- Version 7.0.0, <= 7.0.13 is affected.
- Version 6.4.0, <= 6.4.15 is affected.
- Version 6.2.0, <= 6.2.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.