CVE-2023-42788

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 10, 2023
Updated: Jan 12, 2024
CWE ID 78

Summary

CVE-2023-42788 is an OS Command Injection vulnerability (CWE-78) that affects FortiManager and FortiAnalyzer versions 7.4.0, 7.2.0 through 7.2.3, 7.0.0 through 7.0.8, 6.4.0 through 6.4.12, and 6.2.0 through 6.2.11 software products, with a risk score of 26 out of 100 and a base severity rating of HIGH (7.8 out of 10). The vulnerability allows a local attacker with low privileges to execute unauthorized code by providing specially crafted arguments to a CLI command on the affected systems, potentially leading to unauthorized access or control over the compromised system or sensitive data stored within it. The potential danger posed to organizations is significant as it can result in the compromise of critical information and the exploitation of system resources for malicious purposes.

To remediate this vulnerability, organizations using the affected versions should update their FortiManager and FortiAnalyzer software to versions that have fixed the issue or apply any patches provided by Fortinet promptly. Regularly monitoring for new security updates and applying them in a timely manner is crucial to maintaining a secure environment and mitigating risks associated with known vulnerabilities.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42788 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options