VDB

CVE-2023-42788

CVE-2023-42788 PUBLISHED CVSS 7.599999904632568 HIGH

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command

EPSS 0.33% · 56.6th percentile

Risk Scores

CVSS 3.1
7.599999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
EPSS Score
0.33%
56.6th percentile

Affected Products

VendorProductVersions
FortinetFortiAnalyzer6.2.0, 6.4.0, 7.0.0
fortinetfortimanager6.2.0, 6.4.0, 7.0.0
fortinetfortianalyzer7.4.0, 7.2.0, 7.0.0
FortinetFortiManager7.2.0, 7.0.0, 6.2.0

Timeline

  • Oct 10, 2023 CVE Published
  • Oct 11, 2023 EPSS Score
  • Nov 11, 2023 EPSS Score
  • Dec 13, 2023 EPSS Score
  • Jan 13, 2024 EPSS Score
  • Feb 14, 2024 EPSS Score
  • Mar 16, 2024 EPSS Score
  • Apr 17, 2024 EPSS Score
  • May 18, 2024 EPSS Score
  • Jul 20, 2024 EPSS Score
  • Aug 20, 2024 EPSS Score
  • Sep 21, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›