CVE-2023-40716

Summary

CVE-2023-40716 is an OS command vulnerability, specifically an improper neutralization of special elements, found in the command line interpreter of FortiTester versions 2.3.0 through 7.2.3. This vulnerability allows an authenticated attacker to execute unauthorized commands by using specially crafted arguments during the execution of restore/backup commands. The affected products include FortiTester versions oaBv_M, oaBv_N, oaBv_O, oaBv_P, oaBv_K, t1jDwA, oaBv_L, gSPdxl, gSPdxk, gSPdxn, gSPdxm, gSPdxh, gSPdxg, gSPdxj, gSPdxi, oaBv_Q, oaBv_R, gSPdxo, gSPdxV, gSPdxU, gSPdxX,gSPdxW,gSPdxR,gSgPdxtRgSpgPdxdRgSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPdxdxagSpgPddxcg,t1jDv_,t1jDv-. This vulnerability has a risk score of 25 and a base severity rating of HIGH according to NIST. The potential impact is also high in terms of integrity and confidentiality. The exploitability score is 1.8 out of 10 and the attack vector is local. Organizations are advised to update their FortiTester software to a version that addresses this vulnerability promptly to mitigate the potential danger it poses to their systems and data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.