CVE-2023-40716

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 13, 2023
Updated: Dec 15, 2023
CWE ID 78

Summary

CVE-2023-40716 is an OS command vulnerability, specifically an improper neutralization of special elements, found in the command line interpreter of FortiTester versions 2.3.0 through 7.2.3. This vulnerability allows an authenticated attacker to execute unauthorized commands by using specially crafted arguments during the execution of restore/backup commands. The affected products include FortiTester versions oaBv_M, oaBv_N, oaBv_O, oaBv_P, oaBv_K, t1jDwA, oaBv_L, gSPdxl, gSPdxk, gSPdxn, gSPdxm, gSPdxh, gSPdxg, gSPdxj, gSPdxi, oaBv_Q, oaBv_R, gSPdxo, gSPdxV, gSPdxU, gSPdxX,gSPdxW,gSPdxR,gSgPdxtRgSpgPdxdRgSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPddxcg,t1jDv_,t1jDv-. This vulnerability has a risk score of 25 and a base severity rating of HIGH according to NIST. The potential impact is also high in terms of integrity and confidentiality. The exploitability score is 1.8 out of 10 and the attack vector is local. Organizations are advised to update their FortiTester software to a version that addresses this vulnerability promptly to mitigate the potential danger it poses to their systems and data.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-40716 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options