CVE-2023-47534

Summary

A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.2.0 <= 7.2.2affected
FortinetFortiClientEMS7.0.0 <= 7.0.10affected
FortinetFortiClientEMS6.4.7 <= 6.4.9affected
FortinetFortiClientEMS6.4.0 <= 6.4.4affected
FortinetFortiClientEMS6.2.6 <= 6.2.9affected
FortinetFortiClientEMS6.2.0 <= 6.2.4affected
FortinetFortiClientEMS6.0.8affected
FortinetFortiClientEMS6.0.0 <= 6.0.6affected

Weaknesses

  • CWE-1236: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References