cve/2023/CVE-2023-41842.md

### [CVE-2023-41842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41842)
![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiPortal&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%3D%206.0.14%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)

### Description

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and  Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/vulsio/go-cve-dictionary
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-41842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41842)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiPortal&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%3D%206.0.14%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)`

			`### Description`

			A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/vulsio/go-cve-dictionary`