6.5
CVE-2023-42787
- EPSS 1.37%
- Veröffentlicht 10.10.2023 17:15:12
- Zuletzt bearbeitet 21.11.2024 08:23:09
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.2.0 <= 6.2.12
Fortinet ≫ Fortianalyzer Version >= 6.4.0 <= 6.4.13
Fortinet ≫ Fortianalyzer Version >= 7.0.0 <= 7.0.9
Fortinet ≫ Fortianalyzer Version >= 7.2.0 <= 7.2.3
Fortinet ≫ Fortianalyzer Version7.4.0
Fortinet ≫ Fortimanager Version >= 6.2.0 <= 6.2.12
Fortinet ≫ Fortimanager Version >= 6.4.0 <= 6.4.13
Fortinet ≫ Fortimanager Version >= 7.0.0 <= 7.0.9
Fortinet ≫ Fortimanager Version >= 7.2.0 <= 7.2.3
Fortinet ≫ Fortimanager Version7.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.37% | 0.684 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@fortinet.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-602 Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
https://fortiguard.com/psirt/FG-IR-23-187
https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-8666-j8fr