CVE-2023-44250: 
FortiOS vulnerability analysis and mitigation

An improper privilege management vulnerability (CVE-2023-44250) affects Fortinet FortiOS HA cluster versions 7.4.0 through 7.4.1 and 7.2.5, as well as FortiProxy HA cluster versions 7.4.0 through 7.4.1. The vulnerability was discovered by Justin Lum of Fortinet Web Development Team and was initially published on January 2, 2024. This high-severity vulnerability has been assigned a CVSS v3.1 score of 8.8 (Fortinet Advisory).

The vulnerability is classified as an improper privilege management issue (CWE-269) that allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests over the web administrative interface. The vulnerability specifically affects the HA (High Availability) cluster configurations of the affected products (NVD, Fortinet Advisory).

Successful exploitation of this vulnerability enables an authenticated attacker to execute unauthorized code or commands with elevated privileges. This could potentially lead to unauthorized access to system resources and compromise of the affected systems (Fortinet Advisory, SOCRadar).

Fortinet has released patches to address this vulnerability. Users of FortiOS 7.4.0-7.4.1 should upgrade to version 7.4.2 or above, while FortiOS 7.2.5 users should upgrade to version 7.2.6 or above. FortiProxy 7.4.0-7.4.1 users should upgrade to version 7.4.2 or above. Additionally, a virtual patch named 'FortiOS.HA.RestAPI.Privilege.Elevation.' is available in FMWP db update 23.104 (Fortinet Advisory).

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging users and administrators to review the Fortinet advisory and implement necessary mitigations. The agency emphasized the potential for threat actors to exploit this vulnerability to gain control of affected systems (SOCRadar).