CVE-2023-42788 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-42788 PUBLISHED CVSS 7.599999904632568 HIGH

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command

EPSS 0.30% · 53.6th percentile

Risk Scores

CVSS v3.1

7.599999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

EPSS Score

0.30%

53.6th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiAnalyzer	7.4.0, 7.2.0, 7.0.0
fortinet	fortimanager	7.4.0, 6.2.0, 6.4.0
fortinet	fortianalyzer	6.2.0, 6.4.0, 7.0.0
Fortinet	FortiManager	7.2.0, 7.0.0, 6.2.0

Timeline

Oct 10, 2023 CVE Published
Oct 11, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 12, 2023 EPSS Score
Jan 12, 2024 EPSS Score
Feb 11, 2024 EPSS Score
Apr 13, 2024 EPSS Score
May 14, 2024 EPSS Score
Jun 14, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 14, 2024 EPSS Score

References

Open in Interactive Console →