CVE-2023-41842

Summary

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPortal6.0.0 <= 6.0.14affected
FortinetFortiPortal5.3.0 <= 5.3.8affected
FortinetFortiAnalyzer-BigData7.2.0 <= 7.2.5affected
FortinetFortiAnalyzer-BigData7.0.1 <= 7.0.6affected
FortinetFortiAnalyzer-BigData6.4.5 <= 6.4.7affected
FortinetFortiAnalyzer-BigData6.2.5affected
FortinetFortiAnalyzer7.4.0 <= 7.4.1affected
FortinetFortiAnalyzer7.2.0 <= 7.2.3affected
FortinetFortiAnalyzer7.0.0 <= 7.0.9affected
FortinetFortiAnalyzer6.4.0 <= 6.4.15affected
FortinetFortiAnalyzer6.2.0 <= 6.2.13affected
FortinetFortiManager7.4.0 <= 7.4.1affected
FortinetFortiManager7.2.0 <= 7.2.3affected
FortinetFortiManager7.0.0 <= 7.0.9affected
FortinetFortiManager6.4.0 <= 6.4.15affected
FortinetFortiManager6.2.0 <= 6.2.13affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References