CVE-2023-42791

HIGH

Fortinet FortiManager Path Traversal via Crafted HTTP Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-42791. PoCs published by synacktiv.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2023-42791 and CVE-2024-23666, targeting FortiManager. The exploits include RCE via file upload and SSH access to managed FortiGate devices, leveraging insufficient authorization checks and unrestricted file upload vulnerabilities.

Description

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Exploits (1)

nomisec WORKING POC 6 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666

This repository contains functional exploit code for CVE-2023-42791 and CVE-2024-23666, targeting FortiManager. The exploits include RCE via file upload and SSH access to managed FortiGate devices, leveraging insufficient authorization checks and unrestricted file upload vulnerabilities.

Classification
Working Poc 100%
Attack Type
Rce | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: FortiManager (versions ≤ 7.4.0, ≤ 7.2.3, ≤ 7.0.8, ≤ 6.4.12, ≤ 6.2.11)
Auth required
Prerequisites: Valid credentials for FortiManager · Network access to the target · Compiled malicious library for RCE
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0418
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
fortinet/fortimanager 7.4.0
fortinet/fortimanager 6.2.0 - 6.2.12
Published Feb 20, 2024
Tracked Since Feb 18, 2026