FortiManager / FortiAnalyzer - Authorization bypass via key value controlled by user

Oct. 10, 2023, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiManager & FortiAnalyzer may allow a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

amp attacker authorization bypass cwe fortianalyzer fortimanager http http requests information key key value low may privileges requests sensitive sensitive information value vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 4 days ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 4 days ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 4 days ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 4 days ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 4 days ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 4 days ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 4 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 4 days ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 4 days ago | fortiguard.fortinet.com

attack can connection crash +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Application Security Engineer, Application Security

@ Miro | Amsterdam, NL

View on infosec-jobs.com

SOC Analyst (m/w/d)

@ LANXESS | Leverkusen, NW, DE, 51373

View on infosec-jobs.com

Lead Security Solutions Engineer (Remote, North America)

@ Dynatrace | Waltham, MA, United States

View on infosec-jobs.com

all InfoSec news

FortiManager / FortiAnalyzer - Authorization bypass via key value controlled by user

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Senior Application Security Engineer, Application Security

SOC Analyst (m/w/d)

Lead Security Solutions Engineer (Remote, North America)