CVE-2023-42791

CVE Database · CVE-2023-42791

CVE-2023-42791

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

4.18%

Published

Feb 20, 2024

Modified

Dec 16, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-23CWE-22

Affected Products (5)

fortinet · fortimanager (up to 6.2.12)vulnerable

fortinet · fortimanager (up to 6.4.13)vulnerable

fortinet · fortimanager (up to 7.0.9)vulnerable

fortinet · fortimanager (up to 7.2.4)vulnerable

fortinet · fortimanagervulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-189

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-189

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs