CVE-2023-44252
HIGH
FortiWAN 5.1.1-5.1.2, 5.2.0-5.2.1 - Authenticated Privilege Escalation via Crafted JWT Token
Title source: llm
Description
** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPS requests with crafted JWT token values.
References (1)
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-061
Scores
CVSS v3
8.8
EPSS
0.0024
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
fortinet/fortiwan
5.1.1
fortinet/fortiwan
5.1.2
fortinet/fortiwan
5.2.0
fortinet/fortiwan
5.2.1
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026