CVE-2023-42788: OS Command Injection
First published: Tue Oct 10 2023(Updated: )
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| >=6.2.0<=6.2.11 | ||
| >=6.4.0<=6.4.12 | ||
| >=7.0.0<=7.0.8 | ||
| >=7.2.0<=7.2.3 | ||
| =7.4.0 | ||
| >=6.2.0<=6.2.11 | ||
| >=6.4.0<=6.4.12 | ||
| >=7.0.0<=7.0.8 | ||
| >=7.2.0<=7.2.3 | ||
| =7.4.0 | ||
| Fortinet FortiAnalyzer | >=6.2.0<=6.2.11 | |
| Fortinet FortiAnalyzer | >=6.4.0<=6.4.12 | |
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.8 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.3 | |
| Fortinet FortiAnalyzer | =7.4.0 | |
| Fortinet FortiManager | >=6.2.0<=6.2.11 | |
| Fortinet FortiManager | >=6.4.0<=6.4.12 | |
| Fortinet FortiManager | >=7.0.0<=7.0.8 | |
| Fortinet FortiManager | >=7.2.0<=7.2.3 | |
| Fortinet FortiManager | =7.4.0 |
Remedy
Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2023-42788.
What is the severity level of CVE-2023-42788?
The severity level of CVE-2023-42788 is high (7.8).
Which software versions are affected by CVE-2023-42788?
FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12, and version 6.2.0 through 6.2.11 are affected by CVE-2023-42788.
What is the Common Weakness Enumeration (CWE) ID of CVE-2023-42788?
The Common Weakness Enumeration (CWE) ID of CVE-2023-42788 is CWE-78.
How can I find more information about CVE-2023-42788?
You can find more information about CVE-2023-42788 at the following link: [link](https://fortiguard.com/psirt/FG-IR-23-167).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/fortinet
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/6.2.0
- version/fortinet fortianalyzer/6.2.11
- version/fortinet fortianalyzer/6.4.0
- version/fortinet fortianalyzer/6.4.12
- version/fortinet fortianalyzer/7.0.0
- version/fortinet fortianalyzer/7.0.8
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.3
- version/fortinet fortianalyzer/7.4.0
- canonical/fortinet fortimanager
- version/fortinet fortimanager/6.2.0
- version/fortinet fortimanager/6.2.11
- version/fortinet fortimanager/6.4.0
- version/fortinet fortimanager/6.4.12
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.8
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.3
- version/fortinet fortimanager/7.4.0