{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-40723","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-08-21T09:03:44.316Z","datePublished":"2025-03-11T14:54:28.770Z","dateUpdated":"2026-02-26T19:09:41.705Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiSIEM","cpes":[],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.7.0","lessThanOrEqual":"6.7.4","status":"affected"},{"versionType":"semver","version":"6.6.0","lessThanOrEqual":"6.6.3","status":"affected"},{"versionType":"semver","version":"6.5.0","lessThanOrEqual":"6.5.1","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.2","status":"affected"},{"versionType":"semver","version":"6.3.0","lessThanOrEqual":"6.3.3","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.1","status":"affected"},{"versionType":"semver","version":"6.1.0","lessThanOrEqual":"6.1.2","status":"affected"},{"version":"5.4.0","status":"affected"},{"versionType":"semver","version":"5.3.0","lessThanOrEqual":"5.3.3","status":"affected"},{"versionType":"semver","version":"5.2.5","lessThanOrEqual":"5.2.8","status":"affected"},{"versionType":"semver","version":"5.2.1","lessThanOrEqual":"5.2.2","status":"affected"},{"versionType":"semver","version":"5.1.0","lessThanOrEqual":"5.1.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-03-11T14:54:28.770Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-200","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiSIEM version 7.0.2 or above \nPlease upgrade to FortiSIEM version 7.0.0 or above \nPlease upgrade to FortiSIEM version 6.7.5 or above \nPlease upgrade to FortiSIEM version 6.6.4 or above \nPlease upgrade to FortiSIEM version 6.5.2 or above \nPlease upgrade to FortiSIEM version 6.4.3 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-117","url":"https://fortiguard.com/psirt/FG-IR-23-117"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-40723","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-03-12T04:00:50.664894Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T19:09:41.705Z"}}]}}