CVE-2023-40716
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-40716 is an OS command vulnerability, specifically an improper neutralization of special elements, found in the command line interpreter of FortiTester versions 2.3.0 through 7.2.3. This vulnerability allows an authenticated attacker to execute unauthorized commands by using specially crafted arguments during the execution of restore/backup commands. The affected products include FortiTester versions oaBv_M, oaBv_N, oaBv_O, oaBv_P, oaBv_K, t1jDwA, oaBv_L, gSPdxl, gSPdxk, gSPdxn, gSPdxm, gSPdxh, gSPdxg, gSPdxj, gSPdxi, oaBv_Q, oaBv_R, gSPdxo, gSPdxV, gSPdxU, gSPdxX,gSPdxW,gSPdxR,gSgPdxtRgSpgPdxdRgSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPddxcg,t1jDv_,t1jDv-. This vulnerability has a risk score of 25 and a base severity rating of HIGH according to NIST. The potential impact is also high in terms of integrity and confidentiality. The exploitability score is 1.8 out of 10 and the attack vector is local. Organizations are advised to update their FortiTester software to a version that addresses this vulnerability promptly to mitigate the potential danger it poses to their systems and data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions