CVE-2023-41841: 
FortiOS vulnerability analysis and mitigation

An improper authorization vulnerability (CVE-2023-41841) was discovered in Fortinet FortiOS's WEB UI component, affecting versions 7.0.0 through 7.0.11 and 7.2.0 through 7.2.4. The vulnerability was internally discovered and reported by the Fortinet QA team and was initially published on October 10, 2023. This security issue allows authenticated users with prof-admin profile access to perform elevated actions beyond their intended privileges (Fortinet Advisory).

The vulnerability is classified as CWE-285 (Improper Authorization) and has received a High severity rating. The CVSS v3.1 base score is 8.8 (HIGH) according to NVD's assessment with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Fortinet assigned a score of 8.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (NVD).

The vulnerability allows for privilege escalation, enabling authenticated users with prof-admin profile access to perform actions beyond their intended authorization level. This could potentially lead to unauthorized access to sensitive system functions and compromise of system security (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade FortiOS 7.0.x to version 7.0.12 or above, and FortiOS 7.2.x to version 7.2.5 or above. FortiOS 7.4 is not affected by this vulnerability. Users should follow the recommended upgrade path using Fortinet's upgrade tool available at their documentation site (Fortinet Advisory).