First published: Tue Oct 10 2023
An improper neutralization of special elements used in an OS command ('OS command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. The affected-version table below lists additional branches of both FortiManager and FortiAnalyzer.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | >=6.2.0 <=6.2.11 | Upgrade to FortiAnalyzer version 6.2.12 or above |
Fortinet FortiAnalyzer | >=6.4.0 <=6.4.12 | Upgrade to FortiAnalyzer version 6.4.13 or above |
Fortinet FortiAnalyzer | >=7.0.0 <=7.0.8 | Upgrade to FortiAnalyzer version 7.0.9 or above |
Fortinet FortiAnalyzer | >=7.2.0 <=7.2.3 | Upgrade to FortiAnalyzer version 7.2.4 or above |
Fortinet FortiAnalyzer | =7.4.0 | Upgrade to FortiAnalyzer version 7.4.1 or above |
Fortinet FortiManager | >=6.2.0 <=6.2.11 | Upgrade to FortiManager version 6.2.12 or above |
Fortinet FortiManager | >=6.4.0 <=6.4.12 | Upgrade to FortiManager version 6.4.13 or above |
Fortinet FortiManager | >=7.0.0 <=7.0.8 | Upgrade to FortiManager version 7.0.9 or above |
Fortinet FortiManager | >=7.2.0 <=7.2.3 | Upgrade to FortiManager version 7.2.4 or above |
Fortinet FortiManager | =7.4.0 | Upgrade to FortiManager version 7.4.1 or above |
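As an added example (not part of this advisory and not Fortinet tooling), the script below turns the version table above into a check you can run against the build a device reports, so a fleet inventory can be triaged without reading the table by hand. The affected ranges and fix versions are transcribed from the table; the sample status line is constructed for the example, and the assumption that a device reports its build on a line starting with `Version:` followed by `v<major>.<minor>.<patch>-build<n>` is mine.

```python
"""Triage FortiManager / FortiAnalyzer builds against CVE-2023-41838 (FG-IR-23-169).

Added example, not vendor code. Ranges below are transcribed from the advisory
table; anything else (status-line format, sample data) is an assumption.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) per release branch, per the table.
# Both products share the same affected ranges and fixed builds.
AFFECTED_BRANCHES = [
    ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ((6, 4, 0), (6, 4, 12), (6, 4, 13)),
    ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
    ((7, 2, 0), (7, 2, 3), (7, 2, 4)),
    ((7, 4, 0), (7, 4, 0), (7, 4, 1)),
]

PRODUCTS = {"FortiManager", "FortiAnalyzer"}

# Assumed shape of the device's status output (constructed sample, not captured).
SAMPLE_STATUS = "Version: v7.2.2-build1334 230905 (GA)"
_VERSION_LINE = re.compile(r"^Version:\s*v?(\d+\.\d+\.\d+)", re.MULTILINE)


def parse_version(text: str) -> Version:
    """Parse '7.2.3', 'v7.2.3' or 'v7.2.3-build1334' into a comparable tuple.

    Rejects anything that is not two or three dotted integers, so a typo or an
    unexpected string raises instead of silently comparing as 'not affected'.
    """
    core = text.strip().lstrip("vV").split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(product: str, version: str) -> Tuple[str, Optional[str]]:
    """Return (status, first_fixed_version_or_None).

    status is one of:
      'affected'   - inside a listed vulnerable range; second element is the fix
      'fixed'      - same branch as a listed range but at/above its fixed build
      'not listed' - a branch the advisory table does not mention at all; this is
                     NOT a clean bill of health, only 'no data on this page'
    """
    if product not in PRODUCTS:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    for lo, hi, fixed in AFFECTED_BRANCHES:
        if lo <= v <= hi:
            return ("affected", format_version(fixed))
        if v[:2] == lo[:2]:
            # Same major.minor branch, above the last affected patch level.
            return ("fixed", None)
    return ("not listed", None)


def version_from_status(status_output: str) -> str:
    """Pull the build out of a (assumed) 'Version: v7.2.2-build1334 ...' line."""
    m = _VERSION_LINE.search(status_output)
    if not m:
        raise ValueError("no 'Version:' line found in status output")
    return m.group(1)


def triage(product: str, status_output: str) -> str:
    """One-line human-readable verdict for a device's status output."""
    ver = version_from_status(status_output)
    status, fix = assess(product, ver)
    if status == "affected":
        return f"{product} {ver}: AFFECTED by CVE-2023-41838, upgrade to {fix} or above"
    if status == "fixed":
        return f"{product} {ver}: not affected (at or above fixed build)"
    return f"{product} {ver}: branch not listed in FG-IR-23-169 table, check the advisory"


if __name__ == "__main__":
    print(triage("FortiManager", SAMPLE_STATUS))
    for prod, ver in [("FortiAnalyzer", "7.4.0"), ("FortiManager", "7.0.9"),
                      ("FortiManager", "6.2.12"), ("FortiAnalyzer", "v6.4.12-build2462")]:
        print(prod, ver, "->", assess(prod, ver))
```

The tristate result is deliberate: a build from a branch the table does not mention (for example anything newer than 7.4.x) comes back as `not listed`, not `fixed`, because absence from this page is not evidence that the branch is clean.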
CVE-2023-41838 is an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in FortiManager 7.4.0 and 7.2.0 through 7.2.3 that may allow an attacker to execute unauthorized code or commands via the FortiManager CLI.
FortiAnalyzer versions 6.2.0 to 6.2.11, 6.4.0 to 6.4.12, 7.0.0 to 7.0.8, 7.2.0 to 7.2.3, and 7.4.0 are affected by CVE-2023-41838.
FortiManager versions 6.2.0 to 6.2.11, 6.4.0 to 6.4.12, 7.0.0 to 7.0.8, 7.2.0 to 7.2.3, and 7.4.0 are affected by CVE-2023-41838.
CVE-2023-41838 has a severity score of 7.1, rated High.
Upgrade FortiManager and FortiAnalyzer to a version that is not affected by CVE-2023-41838 (6.2.12, 6.4.13, 7.0.9, 7.2.4, or 7.4.1 or above, depending on the branch in use), as recommended by FortiGuard advisory FG-IR-23-169.