6.7
CVE-2023-41842
- EPSS 0.07%
- Published 12.03.2024 15:15:45
- Last modified 11.07.2025 20:06:38
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.2.0 < 7.0.10
Fortinet ≫ Fortianalyzer Version >= 7.2.0 < 7.2.4
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.2
Fortinet ≫ Fortianalyzer Big Data Version >= 6.4.5 <= 6.4.7
Fortinet ≫ Fortianalyzer Big Data Version >= 7.0.1 <= 7.0.6
Fortinet ≫ Fortianalyzer Big Data Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortianalyzer Big Data Version6.2.5
Fortinet ≫ Fortimanager Version >= 6.2.0 < 7.0.10
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.4
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.2
Fortinet ≫ Fortiportal Version >= 5.3.0 < 6.0.15
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.216 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.