CVE-2023-41840

2023-11-1418:15:53

CWE-426

[email protected]

web.nvd.nist.gov

fortinet

dll hijack

openssl engine

search path

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

JSON

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

Affected configurations

Nvd

Node

fortinetforticlientMatch7.0.9windows

fortinetforticlientMatch7.2.0windows

fortinetforticlientMatch7.2.1windows

VendorProductVersionCPE
fortinetforticlient7.0.9cpe:2.3:a:fortinet:forticlient:7.0.9:*:*:*:*:windows:*:*
fortinetforticlient7.2.0cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*
fortinetforticlient7.2.1cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
fortinet	forticlient	7.0.9	cpe:2.3:a:fortinet:forticlient:7.0.9:::::windows::
fortinet	forticlient	7.2.0	cpe:2.3:a:fortinet:forticlient:7.2.0:::::windows::
fortinet	forticlient	7.2.1	cpe:2.3:a:fortinet:forticlient:7.2.1:::::windows::