CVE-2023-50176

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 12, 2024

Updated: Nov 13, 2024

CWE ID 384

Summary

CVE-2023-50176 is a session fixation vulnerability affecting Fortinet FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.13. An attacker can exploit this issue by crafting a malicious SAML authentication link via phishing. Successful exploitation allows the attacker to execute unauthorized code or commands with the privileges of the targeted user. This vulnerability poses a significant risk, as it can lead to serious security breaches and unauthorized access to sensitive information. Organizations running the affected Fortinet FortiOS versions are advised to apply the necessary patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

FortiOS

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Know What Matters

For Customers

For Partners