Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-47539 (GCVE-0-2023-47539)
Vulnerability from cvelistv5 – Published: 2025-03-18 13:56 – Updated: 2025-03-19 03:55
VLAI?
EPSS
Summary
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
Severity ?
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T03:55:48.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:56:56.681Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-439",
"url": "https://fortiguard.com/psirt/FG-IR-23-439"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail version 7.4.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-47539",
"datePublished": "2025-03-18T13:56:56.681Z",
"dateReserved": "2023-11-06T10:35:25.828Z",
"dateUpdated": "2025-03-19T03:55:48.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-47539\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-03-18T14:15:37.830\",\"lastModified\":\"2025-07-24T19:11:16.637\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inadecuado en FortiMail versi\u00f3n 7.4.0 configurada con autenticaci\u00f3n RADIUS y remote_wildcard habilitado puede permitir que un atacante remoto no autenticado evite el inicio de sesi\u00f3n de administrador a trav\u00e9s de una solicitud HTTP manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D88B2A69-846E-4AFB-9E00-EBDC2A7015D5\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-439\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-47539\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T14:14:01.652470Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T14:14:23.788Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiMail\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiMail version 7.4.1 or above\"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-439\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-439\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-03-18T13:56:56.681Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-47539\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-19T03:55:48.590Z\", \"dateReserved\": \"2023-11-06T10:35:25.828Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-03-18T13:56:56.681Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2023-47539
Vulnerability from fkie_nvd - Published: 2025-03-18 14:15 - Updated: 2025-07-24 19:11
Severity ?
Summary
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-439 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D88B2A69-846E-4AFB-9E00-EBDC2A7015D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en FortiMail versi\u00f3n 7.4.0 configurada con autenticaci\u00f3n RADIUS y remote_wildcard habilitado puede permitir que un atacante remoto no autenticado evite el inicio de sesi\u00f3n de administrador a trav\u00e9s de una solicitud HTTP manipulada."
}
],
"id": "CVE-2023-47539",
"lastModified": "2025-07-24T19:11:16.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-03-18T14:15:37.830",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-439"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
GSD-2023-47539
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-47539",
"id": "GSD-2023-47539"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-47539"
],
"id": "GSD-2023-47539",
"modified": "2023-12-13T01:20:51.624511Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-47539",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
GHSA-52GF-54F2-3825
Vulnerability from github – Published: 2025-03-18 15:30 – Updated: 2025-03-18 15:30
VLAI?
Details
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2023-47539"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-18T14:15:37Z",
"severity": "CRITICAL"
},
"details": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.",
"id": "GHSA-52gf-54f2-3825",
"modified": "2025-03-18T15:30:47Z",
"published": "2025-03-18T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47539"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-439"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-1018
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiTester 3.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.1.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.7.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.6.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.0.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.5.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.3.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.6.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.4.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.4.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | N/A | FortiTester 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.9.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiTester 2.5.x toutes versions | ||
| Fortinet | N/A | FortiWLM versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | N/A | FortiTester 2.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.7.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.3.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | N/A | FortiTester 3.0.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiTester 3.4.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.5.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.3.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.1.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.9.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.1.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiADC | FortiADC 6.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 6.2.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS 7.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.0.x antérieures à 3.0.4 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.2.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.0.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 3.1.x toutes versions | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.1 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.2 | ||
| Fortinet | FortiMail | FortiMail 6.0.x toutes versions | ||
| Fortinet | FortiMail | FortiMail 6.2.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.0.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.2.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder 2.7.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder 2.6.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiTester 3.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.2.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.0.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.1.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.0.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.2.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.0.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.2.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.7.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.6.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
},
{
"name": "CVE-2023-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
},
{
"name": "CVE-2023-40716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
},
{
"name": "CVE-2023-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
},
{
"name": "CVE-2023-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
},
{
"name": "CVE-2023-48782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
},
{
"name": "CVE-2023-41844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
},
{
"name": "CVE-2023-41673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
},
{
"name": "CVE-2022-27488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
},
{
"name": "CVE-2023-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2023-45587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
}
]
}
CERTFR-2023-AVI-1018
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiTester 3.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.1.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.7.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.6.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.0.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.5.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.3.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.6.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.4.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.4.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | N/A | FortiTester 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.9.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiTester 2.5.x toutes versions | ||
| Fortinet | N/A | FortiWLM versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | N/A | FortiTester 2.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.7.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.3.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | N/A | FortiTester 3.0.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiTester 3.4.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.5.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.3.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.1.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.9.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.1.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiADC | FortiADC 6.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 6.2.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS 7.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.0.x antérieures à 3.0.4 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.2.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.0.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 3.1.x toutes versions | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.1 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.2 | ||
| Fortinet | FortiMail | FortiMail 6.0.x toutes versions | ||
| Fortinet | FortiMail | FortiMail 6.2.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.0.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.2.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder 2.7.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder 2.6.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiTester 3.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.2.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.0.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.1.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.0.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.2.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.0.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.2.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.7.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.6.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
},
{
"name": "CVE-2023-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
},
{
"name": "CVE-2023-40716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
},
{
"name": "CVE-2023-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
},
{
"name": "CVE-2023-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
},
{
"name": "CVE-2023-48782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
},
{
"name": "CVE-2023-41844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
},
{
"name": "CVE-2023-41673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
},
{
"name": "CVE-2022-27488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
},
{
"name": "CVE-2023-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2023-45587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
}
]
}
WID-SEC-W-2023-3117
Vulnerability from csaf_certbund - Published: 2023-12-12 23:00 - Updated: 2023-12-12 23:00Summary
Fortinet FortiMail: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FortiMail ist eine Aplliance zum Schutz gegen die von E-Mails übertragenen Bedrohungen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiMail ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiMail ist eine Aplliance zum Schutz gegen die von E-Mails \u00fcbertragenen Bedrohungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiMail ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3117 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3117.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3117 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3117"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory vom 2023-12-12",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-439"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiMail: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:41.613+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3117",
"initial_release_date": "2023-12-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fortinet FortiMail \u003c 7.4.1",
"product": {
"name": "Fortinet FortiMail \u003c 7.4.1",
"product_id": "T031627",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimail:7.4.1"
}
}
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-47539",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Fortinet FortiMail. Dieser Fehler besteht in der RADIUS-Authentifizierung, wenn \"remote_wildcard\" aktiviert ist. Dies erm\u00f6glicht eine Anmeldung \u00fcber eine manipulierte HTTP-Anfrage. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"release_date": "2023-12-12T23:00:00.000+00:00",
"title": "CVE-2023-47539"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…