CVE-2023-47539

Critical

Published: 18 March 2025

Published

18 March 2025

Modified

24 July 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-47539 is a critical-severity Improper Access Control (CWE-284) vulnerability in Fortinet Fortimail. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to prevent unauthorized admin login bypasses via crafted HTTP requests due to improper access control.

CM-6 Configuration Settings good match

prevent

Mandates secure configuration settings that avoid enabling vulnerable features like remote_wildcard in RADIUS authentication, directly addressing the configuration-dependent exploit condition.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of software flaws like CVE-2023-47539 through patching, eliminating the improper access control vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is an authentication bypass in a public-facing FortiMail web interface, directly enabling initial access via exploitation of a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

Deeper analysisAI

CVE-2023-47539 is an improper access control vulnerability (CWE-284) in FortiMail version 7.4.0 when configured with RADIUS authentication and the remote_wildcard option enabled. This issue allows a remote unauthenticated attacker to bypass administrative login via a crafted HTTP request. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high impacts across confidentiality, integrity, and availability.

A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the targeted FortiMail instance under the specified configuration. Successful exploitation grants unauthorized administrative access, enabling the attacker to perform privileged actions on the device.

Mitigation details are available in the FortiGuard PSIRT advisory at https://fortiguard.com/psirt/FG-IR-23-439.

Details

CWE(s): CWE-284

Affected Products

fortinet

fortimail

7.4.0

CVEs Like This One

CVE-2021-26091Same product: Fortinet Fortimail

CVE-2026-35616Same vendor: Fortinet

CVE-2023-33302Same product: Fortinet Fortimail

CVE-2025-24472Same vendor: Fortinet

CVE-2025-52970Same vendor: Fortinet

CVE-2025-64447Same vendor: Fortinet

CVE-2025-59719Same vendor: Fortinet

CVE-2025-59922Same vendor: Fortinet

CVE-2025-54820Same vendor: Fortinet

CVE-2025-25249Same vendor: Fortinet

References

https://fortiguard.com/psirt/FG-IR-23-439
Vendor Advisory · psirt@fortinet.com