Severity
Medium
Analysis Summary
CVE-2023-50178 CVSS:7.4
Fortinet FortiADC is vulnerable to a man-in-the-middle attack, caused by the lack of client-side certificate validation. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.
CVE-2024-27784 CVSS:8.8
Fortinet FortiAIOps could allow a remote attacker to obtain sensitive information, caused by the exposure of sensitive information to an unauthorized actor. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2023-50179 CVSS:4.8
Fortinet FortiADC is vulnerable to a man-in-the-middle attack, caused by the lack of client-side certificate validation. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.
CVE-2023-50181 CVSS:4.9
Fortinet FortiADC could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to perform some write actions.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2023-50178
- CVE-2024-27784
- CVE-2023-50179
- CVE-2023-50181
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiAIOps 2.0.0
- Fortinet FortiADC 7.4.2
- Fortinet FortiADC 7.4.0
Remediation
Refer to the FortiGuard Security Advisory for patch, upgrade, or suggested workaround information.

