CVE-2023-36554

{"id": "CVE-2023-36554", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-12T15:15:45.693", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-103", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-23-103", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."}, {"lang": "es", "value": "Un control de acceso inadecuado en Fortinet FortiManager versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3, versi\u00f3n 7.0.0 a 7.0.10, versi\u00f3n 6.4.0 a 6.4.13, 6.2 todas las versiones permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP especialmente manipuladas."}], "lastModified": "2024-11-21T08:09:55.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26", "versionEndIncluding": "6.2.12", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B632AF2E-739B-4EBA-8780-8AE999C62F3E", "versionEndIncluding": "6.4.13", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A615E88-FCB3-48F4-A6F3-5EDA0F67FE52", "versionEndIncluding": "7.0.10", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}