cvelistv5 - CVE-2023-48790

CVE-2023-48790 (GCVE-0-2023-48790)

Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:05

Summary

A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

CWE

CWE-352 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-23-353

Impacted products

	Vendor	Product	Version
	Fortinet	FortiNDR	Affected: 7.4.0 Affected: 7.2.0 , ≤ 7.2.1 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-48790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T16:03:35.954580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T16:05:58.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T14:54:31.599Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-48790",
    "datePublished": "2025-03-11T14:54:31.599Z",
    "dateReserved": "2023-11-19T19:58:38.554Z",
    "dateUpdated": "2025-03-11T16:05:58.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48790\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-03-11T15:15:40.227\",\"lastModified\":\"2025-07-22T21:22:45.563\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Cross-Site Request Forgery [CWE-352] en Fortinet FortiNDR versi\u00f3n 7.4.0, 7.2.0 a 7.2.1 y 7.1.0 a 7.1.1 y anteriores a 7.0.5 puede permitir que un atacante remoto no autenticado ejecute acciones no autorizadas a trav\u00e9s de solicitudes HTTP GET manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndExcluding\":\"7.0.6\",\"matchCriteriaId\":\"C41E06C7-CAA4-41C3-98CF-E8A277809E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.2\",\"matchCriteriaId\":\"E01D5B72-84FE-491A-9CE4-103B3DD3A0BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.2\",\"matchCriteriaId\":\"960E2185-DD32-44A1-BF36-9B9C02ABE650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086FE30C-813B-4990-BBDA-010CB3EBC6EA\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-23-353\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48790\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T16:03:35.954580Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T16:03:37.344Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [], \"vendor\": \"Fortinet\", \"product\": \"FortiNDR\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.1\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.1.1\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.5\"}, {\"status\": \"affected\", \"version\": \"1.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.5.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiNDR version 7.4.1 or above \\nPlease upgrade to FortiNDR version 7.2.2 or above \\nPlease upgrade to FortiNDR version 7.1.2 or above \\nPlease upgrade to FortiNDR version 7.0.6 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-23-353\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-23-353\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-03-11T14:54:31.599Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48790\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T16:05:58.718Z\", \"dateReserved\": \"2023-11-19T19:58:38.554Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-03-11T14:54:31.599Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

FKIE_CVE-2023-48790

Vulnerability from fkie_nvd - Published: 2025-03-11 15:15 - Updated: 2025-07-22 21:22

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-23-353	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortindr	*
fortinet	fortindr	*
fortinet	fortindr	*
fortinet	fortindr	7.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41E06C7-CAA4-41C3-98CF-E8A277809E15",
              "versionEndExcluding": "7.0.6",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01D5B72-84FE-491A-9CE4-103B3DD3A0BD",
              "versionEndExcluding": "7.1.2",
              "versionStartIncluding": "7.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "960E2185-DD32-44A1-BF36-9B9C02ABE650",
              "versionEndIncluding": "7.2.2",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086FE30C-813B-4990-BBDA-010CB3EBC6EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Request Forgery [CWE-352] en Fortinet FortiNDR versi\u00f3n 7.4.0, 7.2.0 a 7.2.1 y 7.1.0 a 7.1.1 y anteriores a 7.0.5 puede permitir que un atacante remoto no autenticado ejecute acciones no autorizadas a trav\u00e9s de solicitudes HTTP GET manipuladas."
    }
  ],
  "id": "CVE-2023-48790",
  "lastModified": "2025-07-22T21:22:45.563",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-11T15:15:40.227",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

GSD-2023-48790

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-48790

Aliases

CVE-2023-48790

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-48790",
    "id": "GSD-2023-48790"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-48790"
      ],
      "id": "GSD-2023-48790",
      "modified": "2023-12-13T01:20:39.768853Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-48790",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

GHSA-FCJW-J93V-HXXQ

Vulnerability from github – Published: 2025-03-11 15:31 – Updated: 2025-03-11 15:31

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-48790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T15:15:40Z",
    "severity": "HIGH"
  },
  "details": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.",
  "id": "GHSA-fcjw-j93v-hxxq",
  "modified": "2025-03-11T15:31:01Z",
  "published": "2025-03-11T15:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48790"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-48790 (GCVE-0-2023-48790)

CERTFR-2025-AVI-0197

Solutions

CERTFR-2025-AVI-0197

Solutions

FKIE_CVE-2023-48790

GSD-2023-48790

GHSA-FCJW-J93V-HXXQ

Tags

Sightings

Nomenclature