CVE-2023-45590

Summary

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientLinux7.2.0affected
FortinetFortiClientLinux7.0.6 <= 7.0.10affected
FortinetFortiClientLinux7.0.3 <= 7.0.4affected

Weaknesses

  • CWE-94: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References