CVE-2023-25611

🗓️ 07 Mar 2023 16:04:36Reported by fortinetType

Improper neutralization of formula elements in Fortinet FortiAnalyzer allows unauthorized code execution via spreadsheet formula

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the FortiAnalyzer security event monitoring and analysis tool lies in the lack of a mechanism to neutralize elements in CSV files, allowing attackers to execute arbitrary code.	20 Mar 202300:00	–	bdu_fstec
Circl	CVE-2023-25611	7 Mar 202320:23	–	circl
CNNVD	Fortinet FortiAnalyzer 安全漏洞	7 Mar 202300:00	–	cnnvd
CNVD	Fortinet FortiAnalyzer Command Execution Vulnerability	13 Mar 202300:00	–	cnvd
CVE	CVE-2023-25611	7 Mar 202316:04	–	cve
EUVD	EUVD-2023-29552	3 Oct 202520:07	–	euvd
Fortinet	FortiAnalyzer - CSV injection in macro name	7 Mar 202300:00	–	fortinet
NVD	CVE-2023-25611	7 Mar 202317:15	–	nvd
OSV	CVE-2023-25611	7 Mar 202317:15	–	osv
Prion	Input validation	7 Mar 202317:15	–	prion

[
  {
    "vendor": "Fortinet",
    "product": "FortiAnalyzer",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.9",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-22-488

07 Mar 2023 16:04Current

7.5High risk

Vulners AI Score7.5

CVSS 3.14

EPSS0.00333

CWE-1236