CVE-2023-45590

CWE-94Code Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.8%
top 26.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientlinux
Timeline
PublishedApr 9

Description

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

CVEListV5fortinet/forticlientlinux7.0.67.0.10+2
NVDfortinet/forticlient7.0.67.0.11+3

🔴Vulnerability Details

2
CVEList
CVE-2023-45590: An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 72024-04-09
GHSA
GHSA-rfj2-jrc4-h4mr: An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 72024-04-09

📋Vendor Advisories

1
Fortinet
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7...2024-04-09
CVE-2023-45590 (HIGH CVSS 8.8) | An improper control of generation o | cvebase.io