CVSS 3.1 Score 8.8 of 10 (high)


Published Jan 10, 2024
Updated: Jan 17, 2024
CWE ID 284


CVE-2023-46712 is an improper access control vulnerability in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1. It allows an attacker to escalate privileges by sending specially crafted HTTP requests. The vulnerability is rated high severity, with a base score of 8.8 out of 10. To remediate it, update affected FortiPortal installations to a secure version or apply the vendor's patches as soon as possible to prevent unauthorized privilege escalation. The vulnerability poses a significant danger to organizations because it can be exploited remotely over a network without user interaction and can have a high impact on the integrity and confidentiality of the system or its data.
