CVE-2023-42788

Summary

CVE-2023-42788 is an OS Command Injection vulnerability (CWE-78) that affects FortiManager and FortiAnalyzer versions 7.4.0, 7.2.0 through 7.2.3, 7.0.0 through 7.0.8, 6.4.0 through 6.4.12, and 6.2.0 through 6.2.11 software products, with a risk score of 26 out of 100 and a base severity rating of HIGH (7.8 out of 10). The vulnerability allows a local attacker with low privileges to execute unauthorized code by providing specially crafted arguments to a CLI command on the affected systems, potentially leading to unauthorized access or control over the compromised system or sensitive data stored within it. The potential danger posed to organizations is significant as it can result in the compromise of critical information and the exploitation of system resources for malicious purposes. To remediate this vulnerability, organizations using the affected versions should update their FortiManager and FortiAnalyzer software to versions that have fixed the issue or apply any patches provided by Fortinet promptly. Regularly monitoring for new security updates and applying them in a timely manner is crucial to maintaining a secure environment and mitigating risks associated with known vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.