CVE-2023-41842 - Vulnerability Details

Vendors	Products
Fortinet	Fortianalyzer Fortianalyzer Bigdata Fortimanager Fortiportal

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-304

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41842", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-09-04T08:12:52.814Z", "datePublished": "2024-03-12T15:09:16.279Z", "dateUpdated": "2024-08-12T18:09:17.558Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.9", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.14", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.12", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.9", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.14", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.12", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiPortal", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.14", "status": "affected"}, {"versionType": "semver", "version": "5.3.0", "lessThanOrEqual": "5.3.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and  Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-03-12T15:09:16.279Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.10 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.10 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.0 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-304", "url": "https://fortiguard.com/psirt/FG-IR-23-304"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.300Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-304", "url": "https://fortiguard.com/psirt/FG-IR-23-304", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fortinet", "product": "fortimanager", "cpes": ["cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "semver"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "semver"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.9", "versionType": "semver"}, {"version": "6.4.0", "status": "affected", "lessThanOrEqual": "6.4.14", "versionType": "semver"}, {"version": "6.2.0", "status": "affected", "lessThanOrEqual": "6.2.12", "versionType": "semver"}]}, {"vendor": "fortinet", "product": "fortianalyzer", "cpes": ["cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "semver"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.3", "versionType": "semver"}, {"version": "6.4.0", "status": "affected", "lessThanOrEqual": "6.4.14", "versionType": "semver"}, {"version": "6.2.0", "status": "affected", "lessThanOrEqual": "6.2.12", "versionType": "semver"}]}, {"vendor": "fortinet", "product": "fortiportal", "cpes": ["cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.0.0", "status": "affected", "lessThanOrEqual": "6.0.14", "versionType": "semver"}, {"version": "5.3.0", "status": "affected", "lessThanOrEqual": "5.3.8", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-22T14:15:41.817688Z", "id": "CVE-2023-41842", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T18:09:17.558Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-41842 (string)

assignerOrgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

state : PUBLISHED (string)

assignerShortName : fortinet (string)

dateReserved : 2023-09-04T08:12:52.814Z (string)

datePublished : 2024-03-12T15:09:16.279Z (string)

dateUpdated : 2024-08-12T18:09:17.558Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

vendor : Fortinet (string)

product : FortiManager (string)

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.1 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.3 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.9 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 6.4.0 (string)

lessThanOrEqual : 6.4.14 (string)

status : affected (string)

}

4 : { »

versionType : semver (string)

version : 6.2.0 (string)

lessThanOrEqual : 6.2.12 (string)

status : affected (string)

}

]

}

1 : { »

vendor : Fortinet (string)

product : FortiAnalyzer (string)

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.1 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.3 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.9 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 6.4.0 (string)

lessThanOrEqual : 6.4.14 (string)

status : affected (string)

}

4 : { »

versionType : semver (string)

version : 6.2.0 (string)

lessThanOrEqual : 6.2.12 (string)

status : affected (string)

}

]

}

2 : { »

vendor : Fortinet (string)

product : FortiPortal (string)

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 6.0.0 (string)

lessThanOrEqual : 6.0.14 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 5.3.0 (string)

lessThanOrEqual : 5.3.8 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. (string)

}

]

providerMetadata : { »

orgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

shortName : fortinet (string)

dateUpdated : 2024-03-12T15:09:16.279Z (string)

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-134 (string)

description : Execute unauthorized code or commands (string)

type : CWE (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

version : 3.1 (string)

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Please upgrade to FortiManager version 7.4.2 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.10 or above Please upgrade to FortiAnalyzer version 7.4.2 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.10 or above Please upgrade to FortiAnalyzer-BigData version 7.4.0 or above Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above Please upgrade to FortiPortal version 7.0.0 or above (string)

}

]

references : [ »

0 : { »

name : https://fortiguard.com/psirt/FG-IR-23-304 (string)

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:09:49.300Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : https://fortiguard.com/psirt/FG-IR-23-304 (string)

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : fortinet (string)

product : fortimanager (string)

cpes : [ »

0 : cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 7.4.0 (string)

status : affected (string)

lessThanOrEqual : 7.4.1 (string)

versionType : semver (string)

}

1 : { »

version : 7.2.0 (string)

status : affected (string)

lessThanOrEqual : 7.2.3 (string)

versionType : semver (string)

}

2 : { »

version : 7.0.0 (string)

status : affected (string)

lessThanOrEqual : 7.0.9 (string)

versionType : semver (string)

}

3 : { »

version : 6.4.0 (string)

status : affected (string)

lessThanOrEqual : 6.4.14 (string)

versionType : semver (string)

}

4 : { »

version : 6.2.0 (string)

status : affected (string)

lessThanOrEqual : 6.2.12 (string)

versionType : semver (string)

}

]

}

1 : { »

vendor : fortinet (string)

product : fortianalyzer (string)

cpes : [ »

0 : cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 7.4.0 (string)

status : affected (string)

lessThanOrEqual : 7.4.1 (string)

versionType : semver (string)

}

1 : { »

version : 7.2.0 (string)

status : affected (string)

lessThanOrEqual : 7.2.3 (string)

versionType : semver (string)

}

2 : { »

version : 6.4.0 (string)

status : affected (string)

lessThanOrEqual : 6.4.14 (string)

versionType : semver (string)

}

3 : { »

version : 6.2.0 (string)

status : affected (string)

lessThanOrEqual : 6.2.12 (string)

versionType : semver (string)

}

]

}

2 : { »

vendor : fortinet (string)

product : fortiportal (string)

cpes : [ »

0 : cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 6.0.0 (string)

status : affected (string)

lessThanOrEqual : 6.0.14 (string)

versionType : semver (string)

}

1 : { »

version : 5.3.0 (string)

status : affected (string)

lessThanOrEqual : 5.3.8 (string)

versionType : semver (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-03-22T14:15:41.817688Z (string)

id : CVE-2023-41842 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-12T18:09:17.558Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-304", "name": "https://fortiguard.com/psirt/FG-IR-23-304", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.300Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41842", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-22T14:15:41.817688Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortimanager", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.9"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.14"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.12"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortianalyzer", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.14"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.12"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiportal", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.14"}, {"status": "affected", "version": "5.3.0", "versionType": "semver", "lessThanOrEqual": "5.3.8"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T18:09:04.689Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiManager", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.9"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.14"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.12"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiAnalyzer", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.9"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.14"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.12"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiPortal", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.14"}, {"status": "affected", "version": "5.3.0", "versionType": "semver", "lessThanOrEqual": "5.3.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.10 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.10 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.0 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-304", "name": "https://fortiguard.com/psirt/FG-IR-23-304"}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and  Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-03-12T15:09:16.279Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41842", "state": "PUBLISHED", "dateUpdated": "2024-08-12T18:09:17.558Z", "dateReserved": "2023-09-04T08:12:52.814Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-03-12T15:09:16.279Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

name : https://fortiguard.com/psirt/FG-IR-23-304 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:09:49.300Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-41842 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-03-22T14:15:41.817688Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* (string)

]

vendor : fortinet (string)

product : fortimanager (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.1 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.3 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.9 (string)

}

3 : { »

status : affected (string)

version : 6.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.4.14 (string)

}

4 : { »

status : affected (string)

version : 6.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.2.12 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* (string)

]

vendor : fortinet (string)

product : fortianalyzer (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.1 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.3 (string)

}

2 : { »

status : affected (string)

version : 6.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.4.14 (string)

}

3 : { »

status : affected (string)

version : 6.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.2.12 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* (string)

]

vendor : fortinet (string)

product : fortiportal (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.0.14 (string)

}

1 : { »

status : affected (string)

version : 5.3.0 (string)

versionType : semver (string)

lessThanOrEqual : 5.3.8 (string)

}

]

defaultStatus : unaffected (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-12T18:09:04.689Z (string)

}

]

cna : { »

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 6.3 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

vendor : Fortinet (string)

product : FortiManager (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.1 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.3 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.9 (string)

}

3 : { »

status : affected (string)

version : 6.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.4.14 (string)

}

4 : { »

status : affected (string)

version : 6.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.2.12 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Fortinet (string)

product : FortiAnalyzer (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.1 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.3 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.9 (string)

}

3 : { »

status : affected (string)

version : 6.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.4.14 (string)

}

4 : { »

status : affected (string)

version : 6.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.2.12 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Fortinet (string)

product : FortiPortal (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 6.0.14 (string)

}

1 : { »

status : affected (string)

version : 5.3.0 (string)

versionType : semver (string)

lessThanOrEqual : 5.3.8 (string)

}

]

defaultStatus : unaffected (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Please upgrade to FortiManager version 7.4.2 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.10 or above Please upgrade to FortiAnalyzer version 7.4.2 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.10 or above Please upgrade to FortiAnalyzer-BigData version 7.4.0 or above Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above Please upgrade to FortiPortal version 7.0.0 or above (string)

}

]

references : [ »

0 : { »

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

name : https://fortiguard.com/psirt/FG-IR-23-304 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-134 (string)

description : Execute unauthorized code or commands (string)

}

]

}

]

providerMetadata : { »

orgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

shortName : fortinet (string)

dateUpdated : 2024-03-12T15:09:16.279Z (string)

}

cveMetadata : { »

cveId : CVE-2023-41842 (string)

state : PUBLISHED (string)

dateUpdated : 2024-08-12T18:09:17.558Z (string)

dateReserved : 2023-09-04T08:12:52.814Z (string)

assignerOrgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

datePublished : 2024-03-12T15:09:16.279Z (string)

assignerShortName : fortinet (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "18205067-639E-4A90-AF8C-DA71FB65AEFA", "versionEndExcluding": "7.0.10", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E0D5DF6-69C6-4325-94D3-D7A44862F62C", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB15106A-8295-4A9E-B5C8-FA9654636B15", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:*", "matchCriteriaId": "7299FC61-369D-4F07-B0E1-1FD9E2E371A3", "versionEndIncluding": "6.4.7", "versionStartIncluding": "6.4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:*", "matchCriteriaId": "9417A7DF-F260-45C2-A224-D6FB08792C58", "versionEndIncluding": "7.0.6", "versionStartIncluding": "7.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:*", "matchCriteriaId": "A06370D3-3917-4D9E-980D-52621794A671", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_bigdata:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "11815CDE-B157-457A-AB0D-DA73A0F4656C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBD0FF48-FC1A-4406-B939-7E83ED65A57E", "versionEndExcluding": "7.0.10", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BC35BBC-5F0C-4802-8F00-643D465D43E4", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "83316FAF-C5DE-4603-B3B2-6796E2FAF1A8", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC626329-3FCF-45BE-955B-82A495B10FA6", "versionEndIncluding": "6.0.14", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and  Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."}, {"lang": "es", "value": "Un uso de vulnerabilidad de cadena de formato controlada externamente [CWE-134] en Fortinet FortiManager versi\u00f3n 7.4.0 a 7.4.1, versi\u00f3n 7.2.0 a 7.2.3 y anteriores a 7.0.10, Fortinet FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.1 , versi\u00f3n 7.2.0 a 7.2.3 y anteriores a 7.0.10, Fortinet FortiAnalyzer-BigData anterior a 7.2.5 y Fortinet FortiPortal versi\u00f3n 6.0 todas las versiones y la versi\u00f3n 5.3 todas las versiones permite a un atacante privilegiado ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de argumentos de comando especialmente manipulados."}], "id": "CVE-2023-41842", "lastModified": "2024-11-21T08:21:46.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-12T15:15:45.920", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-304"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 18205067-639E-4A90-AF8C-DA71FB65AEFA (string)

versionEndExcluding : 7.0.10 (string)

versionStartIncluding : 6.2.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E0D5DF6-69C6-4325-94D3-D7A44862F62C (string)

versionEndExcluding : 7.2.4 (string)

versionStartIncluding : 7.2.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CB15106A-8295-4A9E-B5C8-FA9654636B15 (string)

versionEndExcluding : 7.4.2 (string)

versionStartIncluding : 7.4.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7299FC61-369D-4F07-B0E1-1FD9E2E371A3 (string)

versionEndIncluding : 6.4.7 (string)

versionStartIncluding : 6.4.5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9417A7DF-F260-45C2-A224-D6FB08792C58 (string)

versionEndIncluding : 7.0.6 (string)

versionStartIncluding : 7.0.1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer_bigdata:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A06370D3-3917-4D9E-980D-52621794A671 (string)

versionEndExcluding : 7.2.6 (string)

versionStartIncluding : 7.2.0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:fortinet:fortianalyzer_bigdata:6.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 11815CDE-B157-457A-AB0D-DA73A0F4656C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BBD0FF48-FC1A-4406-B939-7E83ED65A57E (string)

versionEndExcluding : 7.0.10 (string)

versionStartIncluding : 6.2.0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5BC35BBC-5F0C-4802-8F00-643D465D43E4 (string)

versionEndExcluding : 7.2.4 (string)

versionStartIncluding : 7.2.0 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 83316FAF-C5DE-4603-B3B2-6796E2FAF1A8 (string)

versionEndExcluding : 7.4.2 (string)

versionStartIncluding : 7.4.0 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CC626329-3FCF-45BE-955B-82A495B10FA6 (string)

versionEndIncluding : 6.0.14 (string)

versionStartIncluding : 5.3.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. (string)

}

1 : { »

lang : es (string)

value : Un uso de vulnerabilidad de cadena de formato controlada externamente [CWE-134] en Fortinet FortiManager versión 7.4.0 a 7.4.1, versión 7.2.0 a 7.2.3 y anteriores a 7.0.10, Fortinet FortiAnalyzer versión 7.4.0 a 7.4.1 , versión 7.2.0 a 7.2.3 y anteriores a 7.0.10, Fortinet FortiAnalyzer-BigData anterior a 7.2.5 y Fortinet FortiPortal versión 6.0 todas las versiones y la versión 5.3 todas las versiones permite a un atacante privilegiado ejecutar código o comandos no autorizados a través de argumentos de comando especialmente manipulados. (string)

}

]

id : CVE-2023-41842 (string)

lastModified : 2024-11-21T08:21:46.927 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : psirt@fortinet.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-03-12T15:15:45.920 (string)

references : [ »

0 : { »

source : psirt@fortinet.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://fortiguard.com/psirt/FG-IR-23-304 (string)

}

]

sourceIdentifier : psirt@fortinet.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-134 (string)

}

]

source : psirt@fortinet.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object