mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
226 lines
8.8 KiB
JSON
226 lines
8.8 KiB
JSON
{
|
|
"id": "CVE-2023-25607",
|
|
"sourceIdentifier": "psirt@fortinet.com",
|
|
"published": "2023-10-10T17:15:11.147",
|
|
"lastModified": "2024-11-21T07:49:49.287",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC\u00a0 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe\u00a0usage of the wordexp function."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') [CWE-78] en: \nFortiManager 7.2.0 hasta 7.2.2, 7.0.0 hasta 7.0.7, 6.4.0 hasta 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones, \nFortiAnalyzer 7.2.0 hasta 7.2.2, 7.0.0 hasta 7.0.7, 6.4.0 hasta 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones y \nFortiADC 7.1.0, 7.0.0 hasta 7.0.3, 6.2 todas las versiones, 6.1 todas las versiones, 6.0 todas las versiones. \nLa interfaz de administraci\u00f3n puede permitir que un atacante autenticado con al menos permisos de LECTURA en la configuraci\u00f3n del sistema ejecute comandos arbitrarios en el shell subyacente debido a un uso inseguro de la funci\u00f3n wordexp."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@fortinet.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@fortinet.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndIncluding": "6.0.4",
|
|
"matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.1.0",
|
|
"versionEndIncluding": "6.1.6",
|
|
"matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.2.0",
|
|
"versionEndIncluding": "6.2.6",
|
|
"matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.0.0",
|
|
"versionEndIncluding": "7.0.3",
|
|
"matchCriteriaId": "4488C266-0436-40AD-BD99-A228787285AB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndIncluding": "6.0.12",
|
|
"matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.2.0",
|
|
"versionEndIncluding": "6.2.12",
|
|
"matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.4.0",
|
|
"versionEndIncluding": "6.4.11",
|
|
"matchCriteriaId": "337E7B95-CC70-41BB-8F0A-FE40D39F23DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.0.0",
|
|
"versionEndIncluding": "7.0.7",
|
|
"matchCriteriaId": "4EC99242-BA69-4046-A981-E37ACDC62D9D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FDD88F7C-8136-4CFF-AF1E-9AE928878C7F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE9DDF78-DBFF-43B9-A4ED-145029ED9B1E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndIncluding": "6.0.12",
|
|
"matchCriteriaId": "8DFFD873-3F9B-41D8-92E6-09F84712BCE1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.2.0",
|
|
"versionEndIncluding": "6.2.12",
|
|
"matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.4.0",
|
|
"versionEndIncluding": "6.4.11",
|
|
"matchCriteriaId": "6DA1F7EC-363D-432C-9225-3A217D9F3CBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.0.0",
|
|
"versionEndIncluding": "7.0.7",
|
|
"matchCriteriaId": "A57331B0-1B5B-4E70-BD82-E87715CDD921"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "407755AA-0C23-4C5B-88A2-8BC12A3D268D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0A0A1111-4054-4C7B-B333-E13A8684207B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "81E5E264-0F74-4C45-BC90-384E572A14B8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-22-352",
|
|
"source": "psirt@fortinet.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-22-352",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |