CVE-2023-41677

Summary

A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.1affected
FortinetFortiOS7.2.0 <= 7.2.6affected
FortinetFortiOS7.0.0 <= 7.0.12affected
FortinetFortiOS6.4.0 <= 6.4.14affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.18affected
FortinetFortiProxy7.4.0 <= 7.4.1affected
FortinetFortiProxy7.2.0 <= 7.2.7affected
FortinetFortiProxy7.0.0 <= 7.0.13affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected

Weaknesses

  • CWE-522: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References