{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-41838", "ASSIGNER": "psirt@fortinet.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An improper neutralization of special elements used in an OS command ('OS command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. The affected-version data in this record additionally lists FortiAnalyzer, and for both products also lists 7.0.0 through 7.0.8, 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands", "cweId": "CWE-78" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Fortinet", "product": { "product_data": [ { "product_name": "FortiAnalyzer", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.4.0" }, { "version_affected": "<=", "version_name": "7.2.0", "version_value": "7.2.3" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.8" }, { "version_affected": "<=", "version_name": "6.4.0", "version_value": "6.4.12" }, { "version_affected": "<=", "version_name": "6.2.0", "version_value": "6.2.11" } ] } }, { "product_name": "FortiManager", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.4.0" }, { "version_affected": "<=", "version_name": "7.2.0", "version_value": "7.2.3" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.8" }, { "version_affected": "<=", "version_name": "6.4.0", "version_value": "6.4.12" }, { "version_affected": "<=", "version_name": "6.2.0", "version_value": "6.2.11" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-169", "refsource": "MISC", "name": "https://fortiguard.com/psirt/FG-IR-23-169" } ] }, "solution": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above. Please upgrade to FortiAnalyzer version 7.2.4 or above. Please upgrade to FortiAnalyzer version 7.0.9 or above. Please upgrade to FortiAnalyzer version 6.4.13 or above. Please upgrade to FortiAnalyzer version 6.2.12 or above. Please upgrade to FortiManager version 7.4.1 or above. Please upgrade to FortiManager version 7.2.4 or above. Please upgrade to FortiManager version 7.0.9 or above. Please upgrade to FortiManager version 6.4.13 or above. Please upgrade to FortiManager version 6.2.12 or above." } ], "impact": { "cvss": [ { "version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:X" } ] } }