An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-169 | Vendor Advisory |
https://fortiguard.com/psirt/FG-IR-23-169 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/psirt/FG-IR-23-169 - Vendor Advisory |
13 Oct 2023, 16:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortinet fortianalyzer
Fortinet fortimanager Fortinet |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
CPE | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* |
|
References | (MISC) https://fortiguard.com/psirt/FG-IR-23-169 - Vendor Advisory | |
CWE | CWE-78 |
10 Oct 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-10 17:15
Updated : 2024-11-21 08:21
NVD link : CVE-2023-41838
Mitre link : CVE-2023-41838
CVE.ORG link : CVE-2023-41838
JSON object : View
Products Affected
fortinet
- fortimanager
- fortianalyzer
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')