CVE-2023-28002
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2023-28002 is an improper validation of integrity check value vulnerability found in FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4, 6.2, and 6.0, as well as FortiProxy versions 7.2 and 7.0 VMs. This vulnerability allows a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. The affected products include iASMZA, qXFuId, qXFuIe, sHmZSX, sB94_g, sB94_h, sB94_c, kZ4fLJ, sB94_d, kZ4fLK, sB94_e, sB94_f, kZ4fLL, kZ4fLM, kZ4fLN, sE9wTZ, sE9wTa, kZ4fLO, kZ4fLP, sI_3zE and more. To remediate this vulnerability, it is recommended to upgrade to a patched version of the affected software as soon as possible to prevent any potential danger it poses to an organization's data integrity and confidentiality. (Note: The information provided above is based on the available text only and does not include additional research or analysis.)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions