How severe is CVE-2023-28001?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-28001?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-28001

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-613

View all →

Vulnerability Description

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.

CVE-2014-2595

CRITICAL

CVSS:9.8(Critical)

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

CWE-6132014

CVE-2015-5171

CRITICAL

CVSS:9.8(Critical)

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified imp...

CWE-6132015

CVE-2016-11014

CRITICAL

CVSS:9.8(Critical)

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

CWE-6132016

CVE-2016-5069

CRITICAL

CVSS:9.8(Critical)

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

CWE-6132016

CVE-2016-6545

CRITICAL

CVSS:9.8(Critical)

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this i...

CWE-6132016

CVE-2018-21018

CRITICAL

CVSS:9.8(Critical)

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

CWE-6132018

CVE-2023-28001

Vulnerability Description

Related Vulnerabilities

CVE-2014-2595

CVE-2015-5171

CVE-2016-11014

CVE-2016-5069

CVE-2016-6545

CVE-2018-21018