Severity
Medium
Analysis Summary
CVE-2023-44254 CVSS:4.3
Fortinet FortiAnalyzer and FortiManager could allow a remote authenticated attacker to bypass security restrictions caused by a user-controlled key vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and read sensitive data.
CVE-2024-31490 CVSS:5.3
Fortinet FortiSandbox could allow a remote attacker to obtain sensitive information, caused by an unauthorized actor. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-44254
- CVE-2024-31490
Affected Vendors
Affected Products
- Fortinet FortiAnalyzer - 7.4.0
- Fortinet FortiManager - 7.4.0
- Fortinet FortiSandbox - 4.4.0
- Fortinet FortiSandbox - 3.1.5
Remediation
Refer to FortiGuard Security Advisory for patch, upgrade or suggested workaround information.