CVE-2023-41838

HIGH

Fortinet Fortianalyzer < 6.2.11 - OS Command Injection

Title source: rule

Description

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-169

Scores

CVSS v3 7.1

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (4)

fortinet/fortianalyzer 7.4.0

fortinet/fortianalyzer 6.2.0 - 6.2.11

fortinet/fortimanager 7.4.0

fortinet/fortimanager 6.2.0 - 6.2.11

Published Oct 10, 2023

Tracked Since Feb 18, 2026