CVE-2023-50176

Published Nov 12, 2024

Last updated 5 months ago

CVSS high 7.5

Overview

Description
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
Source
psirt@fortinet.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@fortinet.com
CWE-384

Social media

Hype score
Not currently trending

  1. برای برخی محصولات Fortinet شامل : FortiOS و FortiAnalyzer و FortiClient چندین آسیب پذیری Critical با کدهای شناسایی CVE-2024-23666 و CVE-2024-36513 و CVE-2023-50176 منتشر شده است. این آسیب پذیری ها از نوع Hijack session و privilege escalation می باشند. https://t.co/Poz3aKYxT1 http

    @AmirHossein_sec

    15 Nov 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. フォーティネット社がFortiOSにおける深刻な脆弱性を修正。CVE-2023-50176は未認証の攻撃者がフィッシングのSAMLリンクによりユーザーセッションを乗っ取れるもの。FortiAnalyzerとFortiManagerに影響。 https://t.co/8quV6nPMsu

    @__kokumoto

    13 Nov 2024

    1043 Impressions

    5 Retweets

    10 Likes

    1 Bookmark

    0 Replies

    1 Quote

  3. CVE-2023-50176 A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7... https://t.co/VP8szwiKcc Vulnerability Notification: https://t.co/xhLrNng6hm

    @VulmonFeeds

    13 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.