Analysis Summary

CVE-2023-50178 CVSS:7.4

Fortinet FortiADC is vulnerable to a man-in-the-middle attack, caused by the lack of client-side certificate validation. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.

CVE-2024-27784 CVSS:8.8

Fortinet FortiAIOps could allow a remote attacker to obtain sensitive information, caused by unauthorized actor vulnerabilities. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

CVE-2023-50179 CVSS:4.8

Fortinet FortiADC is vulnerable to a man-in-the-middle attack, caused by the lack of client-side certificate validation. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.

CVE-2023-50181 CVSS:4.9

Fortinet FortiADC could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to perform some write actions.

Impact

• Gain Access

Indicators of Compromise

CVE

• CVE-2023-50178
• CVE-2024-27784
• CVE-2023-50179
• CVE-2023-50181

Affected Vendors

Remediation

Refer to FortiGuard Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-50178

CVE-2024-27784

CVE-2023-50179

CVE-2023-50181