CVE-2023-48784

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-48784
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-413
Configurations

No configuration.

History

17 Apr 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) El uso de una vulnerabilidad de cadena de formato controlada externamente [CWE-134] en FortiOS versión 7.4.1 e inferior, versión 7.2.7 e inferior, versión 7.0.14 e inferior, versión 6.4.15 e inferior, la interfaz de línea de comando puede permitir una interfaz de línea de comando local. Atacante privilegiado con perfil de superadministrador y acceso CLI para ejecutar código o comandos arbitrarios a través de solicitudes especialmente manipuladas.
Summary (en) A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. (en) A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.

09 Apr 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 15:15

Updated : 2024-04-17 12:15

NVD link : CVE-2023-48784

Mitre link : CVE-2023-48784

CVE.ORG link : CVE-2023-48784

JSON object : View

Products Affected

No product.

CWE
CWE-134

Use of Externally-Controlled Format String