VYPR
Unrated severityNVD Advisory· Published Dec 13, 2023· Updated May 22, 2025

CVE-2023-47536

CVE-2023-47536

Description

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

Affected products

4
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    <= 7.2.3 or <= 7.0.9 or <= 2.0.12+ 1 more
    • (no CPE)range: <= 7.2.3 or <= 7.0.9 or <= 2.0.12
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    <= 7.2.0 or <= 7.0.13 or <= 6.4.14+ 1 more
    • (no CPE)range: <= 7.2.0 or <= 7.0.13 or <= 6.4.14
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.