{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-42791","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-09-14T08:37:38.657Z","datePublished":"2024-02-20T13:19:20.221Z","dateUpdated":"2024-08-02T19:30:24.297Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.12","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.12","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A relative path traversal vulnerability in Fortinet FortiManager versions 7.4.0, 7.2.0 through 7.2.3, 7.0.0 through 7.0.8, 6.4.0 through 6.4.12, and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-02-20T13:19:20.221Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-23","description":"Execute unauthorized code or 
commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.0.7 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.4.8 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.2.6 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above \nPlease upgrade to FortiManager version 6.2.12 or above \nPlease upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.9 or above \nPlease upgrade to FortiAnalyzer version 6.4.13 or above \nPlease upgrade to FortiAnalyzer version 6.2.12 or above 
\n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-189","url":"https://fortiguard.com/psirt/FG-IR-23-189"}]},"adp":[{"affected":[{"vendor":"fortinet","product":"fortianalyzer","cpes":["cpe:2.3:a:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.2.0","status":"affected","lessThanOrEqual":"6.2.11","versionType":"semver"},{"version":"6.4.0","status":"affected","lessThanOrEqual":"6.4.12","versionType":"semver"},{"version":"7.0.0","status":"affected","lessThanOrEqual":"7.0.8","versionType":"semver"},{"version":"7.2.0","status":"affected","lessThanOrEqual":"7.2.3","versionType":"semver"},{"version":"7.4.0","status":"affected","lessThan":"7.4.1","versionType":"semver"}]},{"vendor":"fortinet","product":"fortimanager","cpes":["cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.2.0","status":"affected","lessThanOrEqual":"6.2.11","versionType":"semver"},{"version":"6.4.0","status":"affected","lessThanOrEqual":"6.4.12","versionType":"semver"},{"version":"7.0.0","status":"affected","lessThanOrEqual":"7.0.8","versionType":"semver"},{"version":"7.2.0","status":"affected","lessThanOrEqual":"7.2.3","versionType":"semver"},{"version":"7.4.0","status":"affected","lessThan":"7.4.1","versionType":"semver"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-09T17:13:32.925996Z","id":"CVE-2023-42791","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA 
Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-09T17:18:19.959Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:30:24.297Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-189","url":"https://fortiguard.com/psirt/FG-IR-23-189","tags":["x_transferred"]}]}]}}