CVE-2023-25607

Severity: 7.8 HIGH
EPSS: 0.2% (top 64.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 10

Description

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker wi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

Source | Package | Affected range | More ranges
CVEListV5 | fortinet/fortiadc | 7.0.0 to 7.0.3 | +4
NVD | fortinet/fortiadc | 6.0.0 to 6.0.4 | +4
CVEListV5 | fortinet/fortimanager | 7.2.0 to 7.2.2 | +4
NVD | fortinet/fortimanager | 6.0.0 to 6.0.12 | +6
CVEListV5 | fortinet/fortianalyzer | 7.2.0 to 7.2.2 | +4

Vulnerability Details (2)

GHSA: GHSA-h23q-pvx6-9jxr: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7 (2023-10-10)
CVEList: CVE-2023-25607: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7 (2023-10-10)

Vendor Advisories (1)

Fortinet: Command injection due to an unsafe usage of function (2023-10-10)

Source: cvebase.io