{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-42788","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-09-14T08:37:38.657Z","datePublished":"2023-10-10T16:48:56.210Z","dateUpdated":"2025-12-16T18:23:24.630Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.12","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.12","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-10-18T21:18:09.421Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-167","url":"https://fortiguard.com/psirt/FG-IR-23-167"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:30:24.703Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-167","url":"https://fortiguard.com/psirt/FG-IR-23-167","tags":["x_transferred"]},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-42788","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-10-22T20:58:28.753630Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-16T18:23:24.630Z"}}]}}