CVE-2023-42791
HIGH
Fortinet FortiManager < 6.2.12 - Path Traversal
A relative path traversal in Fortinet FortiManager versions 7.4.0, 7.2.0 through 7.2.3, 7.0.0 through 7.0.8, 6.4.0 through 6.4.12, and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
Exploits (1)
nomisec
WORKING POC
6 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666
References (1)
Scores
CVSS v3
8.8
EPSS
0.1437
EPSS Percentile
94.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-22
CWE-23
Status
published
Affected Products (2)
fortinet/fortimanager
< 6.2.12
fortinet/fortimanager
Timeline
Published
Feb 20, 2024
Tracked Since
Feb 18, 2026