CVE-2023-41838

Summary

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.4.0affected
FortinetFortiAnalyzer7.2.0 <= 7.2.3affected
FortinetFortiAnalyzer7.0.0 <= 7.0.8affected
FortinetFortiAnalyzer6.4.0 <= 6.4.12affected
FortinetFortiAnalyzer6.2.0 <= 6.2.11affected
FortinetFortiManager7.4.0affected
FortinetFortiManager7.2.0 <= 7.2.3affected
FortinetFortiManager7.0.0 <= 7.0.8affected
FortinetFortiManager6.4.0 <= 6.4.12affected
FortinetFortiManager6.2.0 <= 6.2.11affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References