Lucene search

FortinetVULNRICHMENT:CVE-2023-41842

HistoryMar 12, 2024 - 3:09 p.m.

CVE-2023-41842

2024-03-1215:09:16

CWE-134

fortinet

github.com

fortinet

vulnerability

unauthorized execution

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "fortinet",
    "product": "fortimanager",
    "versions": [
      {
        "status": "affected",
        "version": "7.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.4.1"
      },
      {
        "status": "affected",
        "version": "7.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.2.3"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.0.9"
      },
      {
        "status": "affected",
        "version": "6.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "6.4.14"
      },
      {
        "status": "affected",
        "version": "6.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "6.2.12"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
    ],
    "vendor": "fortinet",
    "product": "fortianalyzer",
    "versions": [
      {
        "status": "affected",
        "version": "7.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.4.1"
      },
      {
        "status": "affected",
        "version": "7.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.2.3"
      },
      {
        "status": "affected",
        "version": "6.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "6.4.14"
      },
      {
        "status": "affected",
        "version": "6.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "6.2.12"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"
    ],
    "vendor": "fortinet",
    "product": "fortiportal",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "6.0.14"
      },
      {
        "status": "affected",
        "version": "5.3.0",
        "versionType": "semver",
        "lessThanOrEqual": "5.3.8"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

fortiguard.com/psirt/FG-IR-23-304

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-41842