{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-40714","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-08-21T09:03:44.315Z","datePublished":"2025-04-02T08:06:48.075Z","dateUpdated":"2025-04-02T16:16:37.645Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiSIEM","cpes":[],"defaultStatus":"unaffected","versions":[{"version":"7.0.0","status":"affected"},{"versionType":"semver","version":"6.7.0","lessThanOrEqual":"6.7.2","status":"affected"},{"versionType":"semver","version":"6.6.0","lessThanOrEqual":"6.6.3","status":"affected"},{"versionType":"semver","version":"6.5.0","lessThanOrEqual":"6.5.1","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-04-02T08:06:48.075Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-23","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.7,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiSIEM version 7.0.1 or above\nPlease upgrade to FortiSIEM version 6.7.4 or above\nPlease upgrade to FortiSIEM version 6.6.4 or above\nPlease upgrade to FortiSIEM version 6.5.2 or above\nPlease upgrade to FortiSIEM version 6.4.3 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-085","url":"https://fortiguard.com/psirt/FG-IR-23-085"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-02T16:14:52.268463Z","id":"CVE-2023-40714","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-02T16:16:37.645Z"}}]}}