What is CVE-2023-45582?

CVE-2023-45582 is a medium-severity vulnerability in Fortinet Fortimail, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 5.3/10. Published 2023-11-14.

How severe is CVE-2023-45582?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Fortinet Fortimail

CVE-2023-45582

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force att…

EPSS: 0.002 (42.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C.

Affected products

Fortinet Fortimail — versions 7.4.0, 7.2.0, 7.0.0

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

https://fortiguard.com/psirt/FG-IR-23-287

Frequently asked questions

What is CVE-2023-45582?: CVE-2023-45582 is a medium-severity vulnerability in Fortinet Fortimail, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 5.3/10. Published 2023-11-14.
How severe is CVE-2023-45582?: Medium severity. CVSS v3 base score is 5.3 out of 10.