CVE-2023-50176

CVE Database · CVE-2023-50176

CVE-2023-50176

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

0.55%

Published

Nov 12, 2024

Modified

Dec 12, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-384

Affected Products (3)

fortinet · fortios (up to 7.0.14)vulnerable

fortinet · fortios (up to 7.2.8)vulnerable

fortinet · fortios (up to 7.4.4)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-475

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs