Lucene search

[email protected]NVD:CVE-2023-28000

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-28000

2023-06-1309:15:16

CWE-78

[email protected]

web.nvd.nist.gov

improper neutralization

special elements

os command

vulnerability

fortiadc

cli

unauthorized commands

crafted arguments

diagnose system df

local attacker

authenticated

cwe-78

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.

Affected configurations

NVD

Node

fortinetfortiadcRange6.0.0–6.0.4

fortinetfortiadcRange6.1.0–6.1.6

fortinetfortiadcRange6.2.0–6.2.4

fortinetfortiadcRange7.0.0–7.0.3

fortinetfortiadcMatch7.1.0

References

fortiguard.com/psirt/FG-IR-23-107

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for NVD:CVE-2023-28000

cvelist1 prion1 cve1 fortinet1