What is the vulnerability ID for this Fortinet vulnerability?

The vulnerability ID for this Fortinet vulnerability is CVE-2023-42787.

Which software versions are affected by this vulnerability?

Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 are affected by this vulnerability.

What is the severity of CVE-2023-42787?

The severity of CVE-2023-42787 is medium with a CVSS score of 6.5.

How can a remote attacker exploit this vulnerability?

A remote attacker with low privileges can exploit this vulnerability by accessing a privileged web console via client-side code execution.

Is there a patch or fix available for this vulnerability?

Yes, patches are available to fix this vulnerability. Please refer to the vendor's website for more information.

Vulnerability/
CVE-2023-42787

medium

6.5

CWE

602

10/10/2023

2/8/2024

25/10/2024

CVE-2023-42787: Unprivileged user can access web console and run some unauthorized commands

First published: Tue Oct 10 2023(Updated: )

A client-side enforcement of server-side security [CWE-602] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to access a privileged web console via client side code execution.

Credit: psirt@fortinet.com psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=6.2.0<=6.2.12
Fortinet FortiAnalyzer	>=6.4.0<=6.4.13
Fortinet FortiAnalyzer	>=7.0.0<=7.0.9
Fortinet FortiAnalyzer	>=7.2.0<=7.2.3
Fortinet FortiAnalyzer	=7.4.0
Fortinet FortiManager	>=6.2.0<=6.2.12
Fortinet FortiManager	>=6.4.0<=6.4.13
Fortinet FortiManager	>=7.0.0<=7.0.9
Fortinet FortiManager	>=7.2.0<=7.2.3
Fortinet FortiManager	=7.4.0
Fortinet FortiAnalyzer-BigData	>=7.2.0<=7.2.5
Fortinet FortiAnalyzer-BigData	>=7.0
Fortinet FortiManager	=.
Fortinet FortiManager	>=7.2.0<=7.2.3
Fortinet FortiManager	>=7.0.0<=7.0.9
Fortinet FortiManager	>=6.4
Fortinet FortiManager	>=6.2

Remedy

Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this Fortinet vulnerability?
The vulnerability ID for this Fortinet vulnerability is CVE-2023-42787.
Which software versions are affected by this vulnerability?
Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 are affected by this vulnerability.
What is the severity of CVE-2023-42787?
The severity of CVE-2023-42787 is medium with a CVSS score of 6.5.
How can a remote attacker exploit this vulnerability?
A remote attacker with low privileges can exploit this vulnerability by accessing a privileged web console via client-side code execution.
Is there a patch or fix available for this vulnerability?
Yes, patches are available to fix this vulnerability. Please refer to the vendor's website for more information.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/last-modified-date
collector/fortiguard-psirt
source/FortiGuard
alias/CVE-2023-42787
agent/software-canonical-lookup
agent/severity
agent/title
agent/references
agent/softwarecombine
agent/first-publish-date
agent/description
agent/tags
collector/fortiguard-psirt-latest
agent/event
agent/trending
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/6.2.0
version/fortinet fortianalyzer/6.2.12
version/fortinet fortianalyzer/6.4.0
version/fortinet fortianalyzer/6.4.13
version/fortinet fortianalyzer/7.0.0
version/fortinet fortianalyzer/7.0.9
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.3
version/fortinet fortianalyzer/7.4.0
canonical/fortinet fortimanager
version/fortinet fortimanager/6.2.0
version/fortinet fortimanager/6.2.12
version/fortinet fortimanager/6.4.0
version/fortinet fortimanager/6.4.13
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.9
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.3
version/fortinet fortimanager/7.4.0
canonical/fortinet fortianalyzer-bigdata
version/fortinet fortianalyzer-bigdata/7.2.0
version/fortinet fortianalyzer-bigdata/7.2.5
version/fortinet fortianalyzer-bigdata/7.0
version/fortinet fortimanager/.
version/fortinet fortimanager/6.4
version/fortinet fortimanager/6.2