VDB
CVE-2023-42788
CVE-2023-42788
PUBLISHED
CVSS 7.599999904632568 HIGH
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
EPSS 0.33% · 56.6th percentile
Risk Scores
CVSS 3.1
7.599999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
EPSS Score
0.33%
56.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer | 6.2.0, 6.4.0, 7.0.0 |
| fortinet | fortimanager | 6.2.0, 6.4.0, 7.0.0 |
| fortinet | fortianalyzer | 7.4.0, 7.2.0, 7.0.0 |
| Fortinet | FortiManager | 7.2.0, 7.0.0, 6.2.0 |
Timeline
- Oct 10, 2023 CVE Published
- Oct 11, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 16, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 20, 2024 EPSS Score
- Sep 21, 2024 EPSS Score