{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-46714","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-10-25T08:43:15.289Z","datePublished":"2024-05-14T16:19:13.614Z","dateUpdated":"2024-08-02T20:53:20.924Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.1","status":"affected"},{"versionType":"semver","version":"7.2.1","lessThanOrEqual":"7.2.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-05-14T16:19:13.614Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-121","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiAuthenticator version 6.6.1 or above \nPlease upgrade to FortiAuthenticator version 6.5.5 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-415","url":"https://fortiguard.com/psirt/FG-IR-23-415"}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-46714","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-14T18:38:21.376226Z"}}}],"affected":[{"cpes":["cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"7.2.1","versionType":"custom","lessThanOrEqual":"7.2.6"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"7.4.0","versionType":"custom","lessThanOrEqual":"7.4.1"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:22:20.601Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:53:20.924Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-415","url":"https://fortiguard.com/psirt/FG-IR-23-415","tags":["x_transferred"]}]}]}}