Main Vulnerability Database Vulnerabilities #VU81969

#VU81969 Information disclosure in FortiOS - CVE-2023-37935

Published: October 12, 2023

Vulnerability identifier: #VU81969

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-37935

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to authentication tokens are passed via HTTP GET parameters in plain text in the FortiOS SSL VPN component. A remote attacker with ability to access parameters of HTTP GET request (e.g. by accessing proxy logs) can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.com/psirt/FG-IR-23-120

#VU81969 Information disclosure in FortiOS - CVE-2023-37935

Description

Remediation

External links

Please verify you're human