{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-48790","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-11-19T19:58:38.554Z","datePublished":"2025-03-11T14:54:31.599Z","dateUpdated":"2025-03-11T16:05:58.718Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiNDR","cpes":[],"defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.1.0","lessThanOrEqual":"7.1.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"},{"versionType":"semver","version":"1.5.0","lessThanOrEqual":"1.5.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-03-11T14:54:31.599Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-352","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-23-353","url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-353"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-11T16:03:35.954580Z","id":"CVE-2023-48790","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-11T16:05:58.718Z"}}]}}