CVE-2023-48791 — Vulnetix

CVE-2023-48791 PUBLISHED CVSS 7.900000095367432 HIGH

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.

EPSS 2.07% · 84.2th percentile

Risk Scores

CVSS v3.1

7.900000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

2.07%

84.2th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortiportal	7.0.0, 7.2.0
Fortinet	FortiPortal	7.2.0, 7.0.0

Timeline

Dec 13, 2023 CVE Published
Dec 13, 2023 EPSS Score
Jan 3, 2024 PoC Published
Jan 11, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 8, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Aug 3, 2024 EPSS Score
Sep 1, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 29, 2024 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-23-138 advisory
https://www.fortiguard.com/psirt/FG-IR-23-270 advisory
https://www.fortiguard.com/psirt/FG-IR-23-214 advisory
https://www.fortiguard.com/psirt/FG-IR-23-196 advisory
https://www.fortiguard.com/psirt/FG-IR-23-360 advisory
https://www.fortiguard.com/psirt/FG-IR-23-439 advisory
https://www.fortiguard.com/psirt/FG-IR-23-425 advisory
https://www.fortiguard.com/psirt/FG-IR-22-038 advisory
https://www.fortiguard.com/psirt/FG-IR-23-256 advisory
https://www.fortiguard.com/psirt/FG-IR-22-345 advisory
https://www.fortiguard.com/psirt/FG-IR-23-432 advisory
https://www.fortiguard.com/psirt/FG-IR-23-450 advisory
https://fortiguard.com/psirt/FG-IR-23-425 url
https://nvd.nist.gov/vuln/detail/CVE-2023-48791 advisory

Open in Interactive Console →