cve-2023-41677
Vulnerability from cvelistv5
Published
2024-04-09 14:24
Modified
2024-08-02 19:01
Severity
Summary
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack
References
Impacted products
Vendor | Product |
---|---|
Fortinet | FortiOS |
Fortinet | FortiProxy |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "custom" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "custom" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "custom" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "custom" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "custom" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41677", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-11T04:01:14.917820Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:15:27.451Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-493", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-493" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T08:10:53.751Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-493", "url": "https://fortiguard.com/psirt/FG-IR-23-493" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 23.4.a or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \nPlease upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.8 or above \nPlease upgrade to FortiProxy version 7.0.14 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-41677", "datePublished": "2024-04-09T14:24:21.614Z", "dateReserved": "2023-08-30T13:42:39.547Z", "dateUpdated": "2024-08-02T19:01:35.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-41677\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-04-09T15:15:27.400\",\"lastModified\":\"2024-04-15T09:15:07.760\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack\"},{\"lang\":\"es\",\"value\":\"Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6 , 1.0.0 a 1.0.7, Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17 permite al atacante ejecutar c\u00f3digo o comandos no autorizados mediante un ataque de ingenier\u00eda social dirigido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-493\",\"source\":\"psirt@fortinet.com\"}]}}" } }
Loading...