CVE-2023-47542

Summary

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.4.0 <= 7.4.1affected
FortinetFortiManager7.2.0 <= 7.2.4affected
FortinetFortiManager7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-1336: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References