Cyber Posture

CVE-2023-47539

Critical

Published: 18 March 2025

Published
18 March 2025
Modified
24 July 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 31.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2023-47539 is an improper access control vulnerability (CWE-284) in FortiMail version 7.4.0 when configured with RADIUS authentication and the remote_wildcard option enabled. This issue allows a remote unauthenticated attacker to bypass administrative login via a crafted HTTP request. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high impacts across confidentiality, integrity, and availability.

A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the targeted FortiMail instance under the specified configuration. Successful exploitation grants unauthorized administrative access, enabling the attacker to perform privileged actions on the device.

Mitigation details are available in the FortiGuard PSIRT advisory at https://fortiguard.com/psirt/FG-IR-23-439.

Details

CWE(s)
CWE-284

Affected Products

fortinet
fortimail
7.4.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability is an authentication bypass in a public-facing FortiMail web interface, directly enabling initial access via exploitation of a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References