CVE-2023-41842

MEDIUM

Fortinet Fortianalyzer < 7.0.10 - Format String Vulnerability

Title source: rule
STIX 2.1

Description

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

References (1)

Scores

CVSS v3 6.7
EPSS 0.0007
EPSS Percentile 22.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-134
Status published
Products (5)
fortinet/fortianalyzer 6.2.0 - 7.0.10
fortinet/fortianalyzer_big_data 6.2.5
fortinet/fortianalyzer_big_data 6.4.5 - 6.4.7
fortinet/fortimanager 6.2.0 - 7.0.10
fortinet/fortiportal 5.3.0 - 6.0.15
Published Mar 12, 2024
Tracked Since Feb 18, 2026