Guessable static JSON web token secret Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-061 Final 1 1 2023-11-14T00:00:00 Current version 2023-11-14T00:00:00 2023-11-13T00:00:00 PRODUCT OUT OF SUPPORTAn improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values. None Improper access control FortiWAN version 5.2.0 through 5.2.1FortiWAN version 5.1.1 through 5.1.2 This product is end of life and no longer supported. Please consider replacing with an equivalent FortiGate appliance as approriate. Fortinet is pleased to thanks Idan Cohen from Cyberillium for bringing this issue to our attention under responsible disclosure. FortiWAN 5.2.1 FortiWAN 5.2.0 FortiWAN 5.1.2 FortiWAN 5.1.1 CVE-2023-44252 FortiWAN-5.2.1 FortiWAN-5.2.0 FortiWAN-5.1.2 FortiWAN-5.1.1 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-061 Guessable static JSON web token secret Reference>