{"vulnerability": "cve-2023-4278", "sightings": [{"uuid": "00a21886-adec-44f4-b7ac-be3a4a26a490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42786", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827177990261161", "content": "", "creation_timestamp": "2025-01-14T14:28:18.933418Z"}, {"uuid": "8a1cd199-aa31-4087-afd6-ea4002290cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42786", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113827196329836553", "content": "", "creation_timestamp": "2025-01-14T14:32:58.921686Z"}, {"uuid": "62363337-496e-4013-b2a0-6903560f42ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42785", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827118967213311", "content": "", "creation_timestamp": "2025-01-14T14:13:18.555601Z"}, {"uuid": "279a8333-a74e-43ab-8f46-61d24f3d6dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42786", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpgu766kw2f", "content": "", "creation_timestamp": "2025-01-14T14:16:18.158069Z"}, {"uuid": "d4e913d8-593f-4cac-b20c-f0f443516d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42785", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpgu4rtxm2j", "content": "", "creation_timestamp": "2025-01-14T14:16:15.631897Z"}, {"uuid": "fdbcfa36-fb47-45ff-beee-3415a7a5149d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42784", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk4nsrg5vm2m", "content": "", "creation_timestamp": "2025-03-11T18:06:09.881414Z"}, {"uuid": "898e5bbd-2563-4270-9957-50705b02e2d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6793", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aExploit new CVE-2023-42789 Fortinet FortiOS FortiProxy ----> RCE\nURL\uff1ahttps://github.com/CrimBit/CVE-2023-42789-POC\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-03-12T16:47:55.000000Z"}, {"uuid": "579a7e50-806b-4a91-bde4-234fb94e5239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42788", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrrqraaloss2", "content": "", "creation_timestamp": "2025-06-17T05:21:22.309883Z"}, {"uuid": "dcef51b0-1d78-456e-94ff-e7c2c12d08fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://gist.github.com/passwa11/8a5c61b232776d830c9c077e7eecf3b6", "content": "", "creation_timestamp": "2025-06-26T12:25:46.000000Z"}, {"uuid": "bb3c4505-3d36-4a8a-ac24-1d5bb4d37d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42784", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "ddf290df-5ef1-4fe3-9879-be6d3d525eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42788", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lscijnaqx7j2", "content": "", "creation_timestamp": "2025-06-23T21:10:05.510345Z"}, {"uuid": "bf0301fa-2427-492a-8a5b-111494c3bb6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42788", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lscociwkzod2", "content": "", "creation_timestamp": "2025-06-23T22:54:18.648719Z"}, {"uuid": "8c1aa6db-0dbd-41c7-b427-96290ca3ca1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1246", "content": "", "creation_timestamp": "2024-03-13T04:00:00.000000Z"}, {"uuid": "6b3c0137-fa76-4cc3-ae78-82e7b73311af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42784", "type": "seen", "source": "https://t.me/cvedetector/20104", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-42784 - Fortinet FortiWeb HTTP/HTTPS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2023-42784 \nPublished : March 11, 2025, 3:15 p.m. | 1\u00a0hour ago \nDescription : An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T17:37:54.000000Z"}, {"uuid": "b6eed30c-ef00-4708-bfbb-ec0679c76b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42786", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1611", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42786\n\ud83d\udd39 Description: A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.\n\ud83d\udccf Published: 2025-01-14T14:08:51.276Z\n\ud83d\udccf Modified: 2025-01-14T20:56:06.441Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-23-293", "creation_timestamp": "2025-01-14T21:11:02.000000Z"}, {"uuid": "5a5db660-df8a-442e-a336-48690f50ba4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42785", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1608", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42785\n\ud83d\udd39 Description: A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.\n\ud83d\udccf Published: 2025-01-14T14:08:47.926Z\n\ud83d\udccf Modified: 2025-01-14T20:56:29.240Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-23-293", "creation_timestamp": "2025-01-14T21:10:24.000000Z"}, {"uuid": "5f7e1ab3-f47c-4211-8f1c-7454f9eef892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42784", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42784\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X)\n\ud83d\udd39 Description: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.\n\ud83d\udccf Published: 2025-03-11T14:54:28.924Z\n\ud83d\udccf Modified: 2025-03-11T16:10:57.143Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-23-115", "creation_timestamp": "2025-03-11T16:40:24.000000Z"}, {"uuid": "a7e88833-747b-44bc-9edc-6991235aceb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42780", "type": "seen", "source": "https://t.me/arpsyndicate/834", "content": "#ExploitObserverAlert\n\nCVE-2023-42780\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42780. Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-12-01T07:02:55.000000Z"}, {"uuid": "79acc28d-b425-44ae-92e4-7d0ae3ac1b30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/arpsyndicate/4194", "content": "#ExploitObserverAlert\n\nCVE-2023-42789\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2023-42789. A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.", "creation_timestamp": "2024-03-13T22:11:00.000000Z"}, {"uuid": "b5e82ee3-d5fd-4293-a6dd-84c5aebc23d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/ctinow/206355", "content": "https://ift.tt/m49PjwG\nCVE-2023-42789 Exploit", "creation_timestamp": "2024-03-13T03:16:52.000000Z"}, {"uuid": "1f01ac0b-f4a3-4223-9789-26c6ae1769c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/CyberSecurityIL/40612", "content": "\u05d4\u05ea\u05d2\u05e2\u05d2\u05e2\u05ea\u05dd? \u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05d7\u05d3\u05e9\u05d4 \u05d1\u05de\u05d5\u05e6\u05e8\u05d9\u05dd \u05e9\u05dc Forti.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05e7\u05e8\u05d9\u05d8\u05d9\u05ea - CVE-2023-42789 \u05e7\u05d9\u05d9\u05de\u05ea \u05d1\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea \u05d4\u05d1\u05d0\u05d5\u05ea:\n\n- FortiOS version 7.4.0 through 7.4.1\n- FortiOS version 7.2.0 through 7.2.5\n- FortiOS version 7.0.0 through 7.0.12\n- FortiOS version 6.4.0 through 6.4.14\n- FortiOS version 6.2.0 through 6.2.15\n- FortiProxy version 7.4.0\n- FortiProxy version 7.2.0 through 7.2.6\n- FortiProxy version 7.0.0 through 7.0.12\n- FortiProxy version 2.0.0 through 2.0.13\n\u05d0\u05dd \u05d0\u05d7\u05ea \u05d4\u05d2\u05e8\u05e1\u05d0\u05ea \u05d4\u05d0\u05dc\u05d5 \u05e7\u05d9\u05d9\u05de\u05ea \u05d0\u05e6\u05dc\u05db\u05dd \u05ea\u05e9\u05d3\u05e8\u05d2\u05d5 \u05d1\u05d4\u05e7\u05d3\u05dd \u05dc\u05e4\u05d9 \u05d4\u05d5\u05e8\u05d0\u05d5\u05ea \u05d4\u05d9\u05e6\u05e8\u05df - \u05db\u05d0\u05df\n\n\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05e0\u05d5\u05e1\u05e4\u05ea \u05d1\u05de\u05d5\u05e6\u05e8 FortiClient Enterprise Management Server \u05e9\u05e4\u05d5\u05e8\u05e1\u05de\u05d4 \u05d4\u05d9\u05d5\u05dd, \u05e6\u05d9\u05e8\u05e4\u05ea\u05d9 \u05e7\u05d9\u05e9\u05d5\u05e8 \u05d1\u05ea\u05d2\u05d5\u05d1\u05d5\u05ea.\n\n\u05ea\u05d5\u05d3\u05d4 \u05dc\u05d0\u05d9\u05dc \u05de\u05d7\u05d1\u05e8\u05ea PreSale1 \u05e9\u05d3\u05d9\u05d5\u05d5\u05d7 \u05dc\u05d9 \u05e2\u05dc \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4.\n\nhttps://t.me/CyberSecurityIL/4811\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2024-03-13T22:18:45.000000Z"}, {"uuid": "57666418-4bf5-4dd7-b34e-687b23c3233a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/true_secator/5516", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 FortiOS, FortiProxy \u0438 FortiClientEMS.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 CVE-2023-42789, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u0432\u043d\u0435 \u0433\u0440\u0430\u043d\u0438\u0446 \u0432 FortiOS \u0438 FortiProxy, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Fortinet \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0440\u0435\u0448\u0435\u043d\u0430 \u0432 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 CVE-2023-42790, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c FortiOS 7.4.2, 7.2.6, 7.0.13, 6.4.15 \u0438 6.2.16, \u0430 \u0442\u0430\u043a\u0436\u0435 FortiProxy 7.4.1, 7.2.7, 7.0.13 \u0438 2.0.14.\n\n\u0412\u0442\u043e\u0440\u043e\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0442\u044f\u0436\u0435\u0441\u0442\u0438 - CVE-2023-48788, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0432 FortiClientEMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0440\u0435\u0448\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c FortiClientEMS 7.2.3 \u0438 7.0.11.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e Fortinet \u043e\u0446\u0435\u043d\u0438\u043b \u043a\u0430\u043a CVE-2023-42789, \u0442\u0430\u043a \u0438 CVE-2023-48788 \u043d\u0430 9,3 \u043f\u043e CVSS, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a NIST NVD \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0431\u0430 \u0441 CVSS 9,8.\n\nFortinet \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0440\u044f\u0434\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 FortiOS \u0438 FortiProxy (\u0432\u0435\u0434\u0443\u0449\u0443\u044e \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438), FortiClientEMS (\u0432\u0435\u0434\u0443\u0449\u0443\u044e \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434) \u0438 \u0432 FortiWLM MEA \u0434\u043b\u044f FortiManager (\u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a RCE).\n\n\u0425\u043e\u0442\u044f Fortinet \u0438 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u043c\u044b \u0442\u043e \u0437\u043d\u0430\u0435\u043c, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435\u0438\u0437\u0431\u0435\u0436\u043d\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0439\u0434\u0435\u0442 \u0432 \u043f\u0435\u0440\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u0435, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u043d\u0430 \u0442\u0430\u043a\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u044b, \u0432\u0435\u0434\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u043f\u0440\u0435\u043f\u0430\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2024-03-13T15:30:05.000000Z"}, {"uuid": "9846755f-43d4-4bd2-bad9-11f7c0b203d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42780", "type": "seen", "source": "https://t.me/cibsecurity/72284", "content": "\u203c CVE-2023-42780 \u203c\n\nApache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-14T14:29:51.000000Z"}, {"uuid": "7a70af9a-a067-45c9-b498-3ec41da29f83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42787", "type": "seen", "source": "https://t.me/ctinow/157640", "content": "https://ift.tt/xUijpv7\nCVE-2023-42787 Exploit", "creation_timestamp": "2023-12-21T12:18:54.000000Z"}, {"uuid": "5c179f63-87b9-40a5-b191-0387a1e6aac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42788", "type": "seen", "source": "https://t.me/ctinow/167649", "content": "https://ift.tt/iA8SInM\nCVE-2023-42788 Exploit", "creation_timestamp": "2024-01-13T01:31:59.000000Z"}, {"uuid": "176524ee-76e0-457c-a7a8-7c8c012288c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/ctinow/205818", "content": "https://ift.tt/Wx8HZBt\nCVE-2023-42789", "creation_timestamp": "2024-03-12T16:32:03.000000Z"}, {"uuid": "eb25eedf-c5ca-4c46-a468-5b9a47739b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42789", "type": "seen", "source": "https://t.me/ctinow/205802", "content": "https://ift.tt/Wx8HZBt\nCVE-2023-42789", "creation_timestamp": "2024-03-12T16:26:35.000000Z"}, {"uuid": "41d404f0-0467-45fe-aeb6-ad81303b982a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42782", "type": "seen", "source": "https://t.me/cibsecurity/71979", "content": "\u203c CVE-2023-42782 \u203c\n\nA insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:17:01.000000Z"}, {"uuid": "5a33c5a8-64f5-434c-9c69-7cf93ffdfcdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42788", "type": "seen", "source": "https://t.me/cibsecurity/71978", "content": "\u203c CVE-2023-42788 \u203c\n\nAn improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:17:00.000000Z"}, {"uuid": "32958814-436e-40b0-85d3-00eded6c690d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42787", "type": "seen", "source": "https://t.me/cibsecurity/71971", "content": "\u203c CVE-2023-42787 \u203c\n\nA client-side enforcement of server-side security [CWE-602] vulnerability\u00c2\u00a0in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:16:52.000000Z"}]}