History: Nov 14, 2023 - 6:04 p.m.

CVE-2023-41840

2023-11-14 18:04:55
CWE-426
fortinet
www.cve.org
fortinet
dll hijack
openssl engine library
search path vulnerability

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P

EPSS: 0.001
Percentile: 21.5%

An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiClientWindows",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "version": "7.0.9",
        "status": "affected"
      }
    ]
  }
]
