CVE-2023-44256

Summary

CVE	CVE-2023-44256
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-10-20 10:15:00 UTC
Updated	2023-11-07 04:21:00 UTC
Description	A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

Risk And Classification

Problem Types: CWE-918

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fortinet	Fortianalyzer	7.4.0	All	All	All
Application	Fortinet	Fortianalyzer	All	All	All	All
Application	Fortinet	Fortianalyzer	All	All	All	All
Application	Fortinet	Fortianalyzer	All	All	All	All
Application	Fortinet	Fortimanager	7.4.0	All	All	All
Application	Fortinet	Fortimanager	All	All	All	All
Application	Fortinet	Fortimanager	All	All	All	All

References

Reference	Source	Link	Tags
PSIRT Advisories \| FortiGuard	MISC	fortiguard.com
Fortinet FortiAnalyzer - SSRF wkhtmltopdf (CVE-2023-44256) · Advisory · orangecertcc/security-research · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

379128 Fortinet FortiAnalyzer and FortiManager - Server-Side Request Forgery (SSRF) Vulnerability (FG-IR-19-039)