CVE-2023-27995
First published: Tue Apr 11 2023(Updated: )
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSOAR | >=7.3.0<7.3.2 |
Remedy
Please upgrade to FortiSOAR version 8.0.0 or above Please upgrade to FortiSOAR version 7.3.2 or above Please upgrade to FortiSOAR version 7.2.3 or above Please upgrade to FortiSOAR version 7.0.4 or above Please upgrade to FortiSOAR version 6.6.0 or above Please upgrade to FortiSOAR version 6.4.5 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-27995.
What is the severity of CVE-2023-27995?
The severity of CVE-2023-27995 is high.
What software is affected by CVE-2023-27995?
Fortinet FortiSOAR versions 7.3.0 through 7.3.1 are affected by CVE-2023-27995.
How does CVE-2023-27995 impact the system?
CVE-2023-27995 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
How can I fix CVE-2023-27995?
To fix CVE-2023-27995, it is recommended to upgrade to Fortinet FortiSOAR version 7.3.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/fortinet
- canonical/fortinet fortisoar
- version/fortinet fortisoar/7.3.0