VDB
CVE-2023-40716
CVE-2023-40716
PUBLISHED
CVSS 6.5 MEDIUM
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .
EPSS 0.07% · 22.6th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
EPSS Score
0.07%
22.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fortinet | fortitester | 7.2.3, 3.3.0, 3.3.1 |
| Fortinet | FortiTester | 7.1.0, 7.0.0, 4.2.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-40716 (circl-sighting)
- https://fortiguard.com/psirt/FG-IR-22-345 (circl)
Timeline
- Dec 13, 2023 CVE Published
- Dec 13, 2023 EPSS Score
- Jan 7, 2024 PoC Published
- Jan 11, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-23-138 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-270 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-214 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-196 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-360 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-439 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-425 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-038 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-256 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-345 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-432 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-450 advisory
- https://fortiguard.com/psirt/FG-IR-22-345 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-40716 advisory