CVE-2023-41838: OS Command Injection
First published: Tue Oct 10 2023(Updated: )
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAnalyzer | >=6.2.0<=6.2.11 | |
| Fortinet FortiAnalyzer | >=6.4.0<=6.4.12 | |
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.8 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.3 | |
| Fortinet FortiAnalyzer | =7.4.0 | |
| Fortinet FortiManager | >=6.2.0<=6.2.11 | |
| Fortinet FortiManager | >=6.4.0<=6.4.12 | |
| Fortinet FortiManager | >=7.0.0<=7.0.8 | |
| Fortinet FortiManager | >=7.2.0<=7.2.3 | |
| Fortinet FortiManager | =7.4.0 |
Remedy
Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-41838?
CVE-2023-41838 is an improper neutralization of special elements used in an os command ('os command injection') vulnerability in FortiManager 7.4.0 and 7.2.0 through 7.2.3 that may allow an attacker to execute unauthorized code or commands via FortiManager cli.
How does CVE-2023-41838 affect FortiAnalyzer?
FortiAnalyzer versions 6.2.0 to 6.2.11, 6.4.0 to 6.4.12, 7.0.0 to 7.0.8, and 7.2.0 to 7.2.3 are affected by CVE-2023-41838.
How does CVE-2023-41838 affect FortiManager?
FortiManager versions 6.2.0 to 6.2.11, 6.4.0 to 6.4.12, 7.0.0 to 7.0.8, and 7.2.0 to 7.2.3 are affected by CVE-2023-41838.
What is the severity of CVE-2023-41838?
CVE-2023-41838 has a severity score of 7.1, which is classified as high.
How can I mitigate CVE-2023-41838?
Upgrade FortiManager to a version that is not affected by CVE-2023-41838, as recommended by FortiGuard advisory FG-IR-23-169.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/fortinet
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/6.2.0
- version/fortinet fortianalyzer/6.2.11
- version/fortinet fortianalyzer/6.4.0
- version/fortinet fortianalyzer/6.4.12
- version/fortinet fortianalyzer/7.0.0
- version/fortinet fortianalyzer/7.0.8
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.3
- version/fortinet fortianalyzer/7.4.0
- canonical/fortinet fortimanager
- version/fortinet fortimanager/6.2.0
- version/fortinet fortimanager/6.2.11
- version/fortinet fortimanager/6.4.0
- version/fortinet fortimanager/6.4.12
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.8
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.3
- version/fortinet fortimanager/7.4.0