Severity
Medium
Analysis Summary
CVE-2023-44256
Fortinet FortiAnalyzer and FortiManager are vulnerable to server-side request forgery (SSRF), caused by a flaw in the FortiView top threats report generation feature. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to view sensitive data from internal servers or perform a local port scan.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-44256
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiManager 7.0.0
- Fortinet FortiManager 7.2.0
- Fortinet FortiManager 7.4.0
- Fortinet FortiManager 7.2.3
- Fortinet FortiManager 7.0.8
- Fortinet FortiAnalyzer 7.2.0
- Fortinet FortiAnalyzer 6.4.8
- Fortinet FortiAnalyzer 7.4.0
- Fortinet FortiAnalyzer 7.2.3
- Fortinet FortiAnalyzer 7.0.8
- Fortinet FortiAnalyzer 6.4.13
- Fortinet FortiAnalyzer 7.0.2
Remediation
Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.