Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-46713 (GCVE-0-2023-46713)
Vulnerability from cvelistv5
Published
2023-12-13 06:41
Modified
2024-08-02 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - Information disclosure
Summary
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-256",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.23",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.8",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T06:41:18.704Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-256",
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.4.1 or above \nPlease upgrade to FortiWeb version 7.2.6 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-46713",
"datePublished": "2023-12-13T06:41:18.704Z",
"dateReserved": "2023-10-25T08:43:15.289Z",
"dateUpdated": "2024-08-02T20:53:21.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46713\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-12-13T07:15:24.547\",\"lastModified\":\"2024-11-21T08:29:08.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.\"},{\"lang\":\"es\",\"value\":\"Una neutralizaci\u00f3n de salida inadecuada para los registros en Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 y 7.4.0 puede permitir que un atacante falsifique registros de tr\u00e1fico a trav\u00e9s de una URL manipulada de la aplicaci\u00f3n web.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-117\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.8\",\"matchCriteriaId\":\"B780406C-A6CC-40A8-BB80-2BFBC0E39F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.23\",\"matchCriteriaId\":\"29BAA789-62A7-4040-B6F7-8E70FFBA0399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.9\",\"matchCriteriaId\":\"BE91BE98-9518-48C1-8063-5F6A8AE50A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.5\",\"matchCriteriaId\":\"7700D448-6A28-4033-9383-B42FA04DCBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5E0DF8E-3272-4302-A1A0-F7981E383E47\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-256\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2023-46713
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-46713",
"id": "GSD-2023-46713"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-46713"
],
"details": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.",
"id": "GSD-2023-46713",
"modified": "2023-12-13T01:20:53.396713Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2023-46713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.0"
},
{
"version_affected": "\u003c=",
"version_name": "7.2.0",
"version_value": "7.2.5"
},
{
"version_affected": "\u003c=",
"version_name": "7.0.0",
"version_value": "7.0.10"
},
{
"version_affected": "\u003c=",
"version_name": "6.3.0",
"version_value": "6.3.23"
},
{
"version_affected": "\u003c=",
"version_name": "6.2.0",
"version_value": "6.2.8"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-117",
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-256",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.4.1 or above \nPlease upgrade to FortiWeb version 7.2.6 or above \n"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B780406C-A6CC-40A8-BB80-2BFBC0E39F7D",
"versionEndIncluding": "6.2.8",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399",
"versionEndIncluding": "6.3.23",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE91BE98-9518-48C1-8063-5F6A8AE50A73",
"versionEndIncluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7700D448-6A28-4033-9383-B42FA04DCBFB",
"versionEndIncluding": "7.2.5",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E0DF8E-3272-4302-A1A0-F7981E383E47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n de salida inadecuada para los registros en Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 y 7.4.0 puede permitir que un atacante falsifique registros de tr\u00e1fico a trav\u00e9s de una URL manipulada de la aplicaci\u00f3n web."
}
],
"id": "CVE-2023-46713",
"lastModified": "2023-12-19T18:59:02.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2023-12-13T07:15:24.547",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
}
}
}
wid-sec-w-2023-3118
Vulnerability from csaf_certbund
Published
2023-12-12 23:00
Modified
2023-12-12 23:00
Summary
Fortinet FortiWeb: Schwachstelle ermöglicht Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FortiWeb ist eine Web Application Firewall von Fortinet.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiWeb ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiWeb ist eine Web Application Firewall von Fortinet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiWeb ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3118 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3118.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3118 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3118"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory vom 2023-12-12",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-256"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiWeb: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:41.790+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3118",
"initial_release_date": "2023-12-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fortinet FortiWeb \u003c 7.2.6",
"product": {
"name": "Fortinet FortiWeb \u003c 7.2.6",
"product_id": "T031622",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiweb:7.2.6"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiWeb \u003c 7.4.1",
"product": {
"name": "Fortinet FortiWeb \u003c 7.4.1",
"product_id": "T031623",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiweb:7.4.1"
}
}
}
],
"category": "product_name",
"name": "FortiWeb"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46713",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Fortinet FortiWeb. Dieser Fehler besteht in der \"Traffic Log\" Komponente aufgrund einer unsachgem\u00e4\u00dfen Neutralisierung ausgehender Protokolle, die es erm\u00f6glicht, Verkehrsprotokolle \u00fcber eine manipulierte URL der Webanwendung zu f\u00e4lschen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2023-46713"
}
]
}
WID-SEC-W-2023-3118
Vulnerability from csaf_certbund
Published
2023-12-12 23:00
Modified
2023-12-12 23:00
Summary
Fortinet FortiWeb: Schwachstelle ermöglicht Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FortiWeb ist eine Web Application Firewall von Fortinet.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiWeb ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiWeb ist eine Web Application Firewall von Fortinet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiWeb ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3118 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3118.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3118 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3118"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory vom 2023-12-12",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-256"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiWeb: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:41.790+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3118",
"initial_release_date": "2023-12-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fortinet FortiWeb \u003c 7.2.6",
"product": {
"name": "Fortinet FortiWeb \u003c 7.2.6",
"product_id": "T031622",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiweb:7.2.6"
}
}
},
{
"category": "product_name",
"name": "Fortinet FortiWeb \u003c 7.4.1",
"product": {
"name": "Fortinet FortiWeb \u003c 7.4.1",
"product_id": "T031623",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiweb:7.4.1"
}
}
}
],
"category": "product_name",
"name": "FortiWeb"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46713",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Fortinet FortiWeb. Dieser Fehler besteht in der \"Traffic Log\" Komponente aufgrund einer unsachgem\u00e4\u00dfen Neutralisierung ausgehender Protokolle, die es erm\u00f6glicht, Verkehrsprotokolle \u00fcber eine manipulierte URL der Webanwendung zu f\u00e4lschen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2023-46713"
}
]
}
ghsa-f8xj-xxr8-6q36
Vulnerability from github
Published
2023-12-13 09:30
Modified
2023-12-13 09:30
Severity ?
VLAI Severity ?
Details
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
{
"affected": [],
"aliases": [
"CVE-2023-46713"
],
"database_specific": {
"cwe_ids": [
"CWE-117"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T07:15:24Z",
"severity": "MODERATE"
},
"details": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.",
"id": "GHSA-f8xj-xxr8-6q36",
"modified": "2023-12-13T09:30:32Z",
"published": "2023-12-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46713"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-1018
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiMail | FortiMail 6.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiTester 2.6.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.1.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.0.x antérieures à 3.0.4 | ||
| Fortinet | N/A | FortiTester 3.5.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiRecorder | FortiRecorder 2.6.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.2.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 6.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.1.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder 2.7.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 3.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.5.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.0.x toutes versions | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiTester 3.9.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.2.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.7.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiMail | FortiMail 6.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiTester 2.7.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | N/A | FortiTester 2.3.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiTester 2.8.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.3.x toutes versions | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiNDR versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.1 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | FortiTester 7.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiSwitch | FortiSwitch 6.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiTester 2.9.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiADC | FortiADC 6.1.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.13 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | N/A | FortiTester 4.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.5.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 6.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.4.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.2 | ||
| Fortinet | N/A | FortiTester 3.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.6.x toutes versions | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.3 | ||
| Fortinet | N/A | FortiTester 3.3.x toutes versions | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiTester 3.0.x toutes versions | ||
| Fortinet | N/A | FortiWLM versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.0.x toutes versions |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.0.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.2.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.6.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.7.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.1.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.0.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.2.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.0.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.2.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
},
{
"name": "CVE-2023-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
},
{
"name": "CVE-2023-40716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
},
{
"name": "CVE-2023-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
},
{
"name": "CVE-2023-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
},
{
"name": "CVE-2023-48782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
},
{
"name": "CVE-2023-41844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
},
{
"name": "CVE-2023-41673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
},
{
"name": "CVE-2022-27488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
},
{
"name": "CVE-2023-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2023-45587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
}
],
"initial_release_date": "2023-12-13T00:00:00",
"last_revision_date": "2023-12-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
}
]
}
fkie_cve-2023-46713
Vulnerability from fkie_nvd
Published
2023-12-13 07:15
Modified
2024-11-21 08:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-256 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-256 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B780406C-A6CC-40A8-BB80-2BFBC0E39F7D",
"versionEndIncluding": "6.2.8",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399",
"versionEndIncluding": "6.3.23",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE91BE98-9518-48C1-8063-5F6A8AE50A73",
"versionEndIncluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7700D448-6A28-4033-9383-B42FA04DCBFB",
"versionEndIncluding": "7.2.5",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E0DF8E-3272-4302-A1A0-F7981E383E47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n de salida inadecuada para los registros en Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 y 7.4.0 puede permitir que un atacante falsifique registros de tr\u00e1fico a trav\u00e9s de una URL manipulada de la aplicaci\u00f3n web."
}
],
"id": "CVE-2023-46713",
"lastModified": "2024-11-21T08:29:08.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T07:15:24.547",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-256"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…