CVE-2023-41677

HIGH

Fortinet FortiProxy/FortiOS <7.4.1 - RCE

Title source: llm

Description

A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-23-493

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

fortinet/fortiproxy < 7.0.14

fortinet/fortios < 6.2.16

Timeline

Published Apr 09, 2024

Tracked Since Feb 18, 2026