CVE-2023-47542

CVE Database · CVE-2023-47542

CVE-2023-47542

· MEDIUMAnalyzed

CVSS v3.1

6.7

EPSS

0.27%

Published

Apr 9, 2024

Modified

Jan 17, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1336CWE-94

Affected Products (3)

fortinet · fortimanager (up to 7.0.11)vulnerable

fortinet · fortimanager (up to 7.2.5)vulnerable

fortinet · fortimanager (up to 7.4.2)vulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-419

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-419

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs