cvelistv5 - cve-2023-28000

CVE-2023-28000 (GCVE-0-2023-28000)

Vulnerability from cvelistv5

Published

2023-06-13 08:41

Modified

2024-10-23 14:26

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RC:R

CWE

CWE-78 - Execute unauthorized code or commands

Summary

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.

References

URL

Tags

	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-23-107	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-23-107	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	FortiADC	Version: 7.1.0 Version: 7.0.0 ≤ 7.0.3 Version: 6.2.0 ≤ 6.2.4 Version: 6.1.0 ≤ 6.1.6 Version: 6.0.0 ≤ 6.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-107",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-107"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:10:54.410766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:26:03.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.4",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T08:41:47.901Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-107",
          "url": "https://fortiguard.com/psirt/FG-IR-23-107"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above Please upgrade to FortiADC version 6.2.5 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-28000",
    "datePublished": "2023-06-13T08:41:47.901Z",
    "dateReserved": "2023-03-09T10:09:33.120Z",
    "dateUpdated": "2024-10-23T14:26:03.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28000\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-06-13T09:15:16.660\",\"lastModified\":\"2024-11-21T07:53:54.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.4\",\"matchCriteriaId\":\"3ADB57D8-1ABE-4401-B1B0-4640A34C555A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndIncluding\":\"6.1.6\",\"matchCriteriaId\":\"D31CF79E-6C56-4CD0-9DD2-FBB48D503786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.4\",\"matchCriteriaId\":\"33841D32-4756-42CD-8765-948EC5119512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"4488C266-0436-40AD-BD99-A228787285AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B35D8D53-448B-474C-B7CB-324CB4ED7A82\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-107\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-107\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-107\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:23:30.855Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28000\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:10:54.410766Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:14:36.326Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.1.0\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.4\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.6\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above Please upgrade to FortiADC version 6.2.5 or above \"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-107\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-107\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\\u00a0in diagnose system df CLI command.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-06-13T08:41:47.901Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28000\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-23T14:26:03.944Z\", \"dateReserved\": \"2023-03-09T10:09:33.120Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2023-06-13T08:41:47.901Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-28000

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-28000

Aliases

CVE-2023-28000

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28000",
    "id": "GSD-2023-28000"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28000"
      ],
      "details": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command.",
      "id": "GSD-2023-28000",
      "modified": "2023-12-13T01:20:49.186707Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2023-28000",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiADC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.1.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "7.0.0",
                          "version_value": "7.0.3"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.2.0",
                          "version_value": "6.2.4"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.1.0",
                          "version_value": "6.1.6"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.0.0",
                          "version_value": "6.0.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-107",
            "refsource": "MISC",
            "url": "https://fortiguard.com/psirt/FG-IR-23-107"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above Please upgrade to FortiADC version 6.2.5 or above "
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.4",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.6",
                "versionStartIncluding": "6.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2023-28000"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-107",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-23-107"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-20T15:38Z",
      "publishedDate": "2023-06-13T09:15Z"
    }
  }
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

fkie_cve-2023-28000

Vulnerability from fkie_nvd

Published

2023-06-13 09:15

Modified

2024-11-21 07:53

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-23-107	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-23-107	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	7.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786",
              "versionEndIncluding": "6.1.6",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33841D32-4756-42CD-8765-948EC5119512",
              "versionEndIncluding": "6.2.4",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4488C266-0436-40AD-BD99-A228787285AB",
              "versionEndIncluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
    }
  ],
  "id": "CVE-2023-28000",
  "lastModified": "2024-11-21T07:53:54.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-13T09:15:16.660",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-107"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-hjgm-9q5v-h5gr

Vulnerability from github

Published

2023-06-13 09:30

Modified

2024-04-04 04:45

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-28000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T09:15:16Z",
    "severity": "HIGH"
  },
  "details": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command.",
  "id": "GHSA-hjgm-9q5v-h5gr",
  "modified": "2024-04-04T04:45:41Z",
  "published": "2023-06-13T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28000"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-28000 (GCVE-0-2023-28000)

Vulnerability from cvelistv5

gsd-2023-28000

Vulnerability from gsd

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis

Solution

fkie_cve-2023-28000

Vulnerability from fkie_nvd

ghsa-hjgm-9q5v-h5gr

Vulnerability from github

Tags

Sightings

Nomenclature