CVE-2023-41842
MEDIUMFortinet FortiAnalyzer 6.2.0-6.4.7 & FortiManager 6.2.0-7.0.10 - Remote Code Execution via Format String Injection
Title source: llmDescription
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-304
Scores
CVSS v3
6.7
EPSS
0.0022
EPSS Percentile
13.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-134
Status
published
Products (5)
fortinet/fortianalyzer
6.2.0 - 7.0.10
fortinet/fortianalyzer_big_data
6.2.5
fortinet/fortianalyzer_big_data
6.4.5 - 6.4.7
fortinet/fortimanager
6.2.0 - 7.0.10
fortinet/fortiportal
5.3.0 - 6.0.15
Published
Mar 12, 2024
Tracked Since
Feb 18, 2026