CVE-2023-41673 – An improper authorization vulnerability in Fort... (How to Fix)

Q: What is the severity of CVE-2023-41673?

CVE-2023-41673 has a CVSS score of 7.1 (HIGH). An improper authorization vulnerability in Fortinet FortiADC allows low-privileged users to read or backup the full system configuration via HTTP/HTTPS requests. This exposes sensitive configuration data, potentially including credentials and network details. Affected versions are FortiADC 7.4.0 and before 7.2.2.

📋 TL;DR

An improper authorization vulnerability in Fortinet FortiADC allows low-privileged users to read or backup the full system configuration via HTTP/HTTPS requests. This exposes sensitive configuration data, potentially including credentials and network details. Affected versions are FortiADC 7.4.0 and before 7.2.2.

💻 Affected Systems

Products:

Fortinet FortiADC

Versions: 7.4.0 and versions before 7.2.2

Operating Systems: Fortinet's proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configurations; no special settings required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full system configuration, enabling credential theft, network mapping, and further attacks like privilege escalation or lateral movement.

🟠

Likely Case

Low-privileged users or attackers with initial access exfiltrate configuration data, compromising security settings and sensitive information.

🟢

If Mitigated

With proper access controls and patching, impact is limited to unauthorized configuration viewing, but no direct system compromise.

🌐 Internet-Facing: HIGH if FortiADC is exposed to the internet, as attackers can exploit it remotely via HTTP/HTTPS.

🏢 Internal Only: MEDIUM if internal-only, as it requires initial network access but still poses significant risk from insider threats.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires low-privileged user access; no public proof-of-concept is known, but the vulnerability is straightforward to abuse.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiADC 7.2.2 or later, and 7.4.1 or later

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-270

Restart Required: Yes

Instructions:

1. Access the FortiADC management interface. 2. Navigate to System > Dashboard > Status. 3. Check current version. 4. If vulnerable, upgrade to FortiADC 7.2.2 or later, or 7.4.1 or later. 5. Restart the device after upgrade.

🔧 Temporary Workarounds

Restrict Access to Management Interface

all

Limit HTTP/HTTPS access to the FortiADC management interface to trusted IP addresses only.

Configure firewall rules or ACLs to allow management access from specific IPs.

Enforce Least Privilege

all

Review and minimize user privileges to reduce the number of low-privileged accounts with access.

Use FortiADC user management to restrict permissions to necessary functions only.

🧯 If You Can't Patch

Monitor logs for unauthorized configuration access attempts and investigate anomalies.
Isolate FortiADC from untrusted networks and implement network segmentation to limit exposure.

🔍 How to Verify

Check if Vulnerable:

Check the FortiADC version via the web interface or CLI; if version is 7.4.0 or before 7.2.2, it is vulnerable.

Check Version:

get system status

Verify Fix Applied:

After patching, confirm the version is 7.2.2 or later, or 7.4.1 or later, and test that low-privileged users cannot access full configuration.

📡 Detection & Monitoring

Log Indicators:

Log entries showing configuration backup or read actions by low-privileged users.
Unusual HTTP/HTTPS requests to configuration endpoints from unauthorized accounts.

Network Indicators:

HTTP/HTTPS traffic to FortiADC management ports (e.g., 80, 443) from unexpected sources.

SIEM Query:

source="fortiadc" AND (event_type="config_read" OR event_type="backup") AND user_privilege="low"

📊 Metadata

CVE ID: CVE-2023-41673

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE: CWE-285

Published: December 13, 2023

Last Updated: November 21, 2024

🔗 References

https://fortiguard.com/psirt/FG-IR-23-270 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-270 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41673, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Access to Management Interface

Enforce Least Privilege

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities