cvelistv5 - cve-2023-33301

CVE-2023-33301 (GCVE-0-2023-33301)

Vulnerability from cvelistv5

Published

2023-10-10 16:48

Modified

2024-09-18 17:49

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U

CWE

CWE-284 - Improper access control

Summary

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-139

Impacted products

	Vendor	Product	Version
	Fortinet	FortiOS	Version: 7.4.0 Version: 7.2.0 ≤ 7.2.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:36.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-139",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-139"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.4",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:46:48.606324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:49:04.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:48:27.472Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-139",
          "url": "https://fortiguard.com/psirt/FG-IR-23-139"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.1 or above Please upgrade to FortiOS version 7.2.5 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-33301",
    "datePublished": "2023-10-10T16:48:27.472Z",
    "dateReserved": "2023-05-22T07:58:22.197Z",
    "dateUpdated": "2024-09-18T17:49:04.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2024-AVI-0203

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Cerberus PRO EN Engineering Tool versions antérieures à IP8
Siemens	N/A	SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8
Siemens	N/A	RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1
Siemens	N/A	Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016
Siemens	N/A	Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016
Siemens	N/A	SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions
Siemens	N/A	Sinteso FS20 EN Engineering Tool versions antérieures à MP8
Siemens	N/A	SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à V3.2
Siemens	N/A	Solid Edge versions antérieures à V223.0.11
Siemens	N/A	Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1
Siemens	N/A	Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617
Siemens	N/A	Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8
Siemens	N/A	SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015
Siemens	N/A	SINEMA Remote Connect Client versions antérieures à V3.1 SP1
Siemens	N/A	SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015
Siemens	N/A	Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618
Siemens	N/A	Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618
Siemens	N/A	Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617
Siemens	N/A	Sinteso Mobile versions antérieures à V3.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-792319 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-918992 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-353002 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-653855 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-225840 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-145196 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-382651 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-832273 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-366067 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-770721 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-576771 du 12 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
    },
    {
      "name": "CVE-2017-18509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
    },
    {
      "name": "CVE-2021-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
    },
    {
      "name": "CVE-2021-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
    },
    {
      "name": "CVE-2022-20462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
    },
    {
      "name": "CVE-2021-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
    },
    {
      "name": "CVE-2021-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
    },
    {
      "name": "CVE-2021-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
    },
    {
      "name": "CVE-2021-0585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
    },
    {
      "name": "CVE-2021-0331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
    },
    {
      "name": "CVE-2021-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
    },
    {
      "name": "CVE-2021-0601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
    },
    {
      "name": "CVE-2021-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
    },
    {
      "name": "CVE-2021-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
    },
    {
      "name": "CVE-2021-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
    },
    {
      "name": "CVE-2021-0928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
    },
    {
      "name": "CVE-2021-0484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
    },
    {
      "name": "CVE-2023-36641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
    },
    {
      "name": "CVE-2021-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2021-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
    },
    {
      "name": "CVE-2020-24587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2022-20421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
    },
    {
      "name": "CVE-2021-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
    },
    {
      "name": "CVE-2022-20498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
    },
    {
      "name": "CVE-2021-0473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2021-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
    },
    {
      "name": "CVE-2020-0417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
    },
    {
      "name": "CVE-2020-29660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
    },
    {
      "name": "CVE-2021-0604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
    },
    {
      "name": "CVE-2021-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
    },
    {
      "name": "CVE-2021-39629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
    },
    {
      "name": "CVE-2020-29661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
    },
    {
      "name": "CVE-2021-38204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
    },
    {
      "name": "CVE-2022-20229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
    },
    {
      "name": "CVE-2023-33306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
    },
    {
      "name": "CVE-2022-39948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
    },
    {
      "name": "CVE-2022-20423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
    },
    {
      "name": "CVE-2021-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
    },
    {
      "name": "CVE-2021-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
    },
    {
      "name": "CVE-2021-0329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
    },
    {
      "name": "CVE-2023-41675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-29183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
    },
    {
      "name": "CVE-2021-0471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2021-0963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
    },
    {
      "name": "CVE-2021-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
    },
    {
      "name": "CVE-2021-0653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
    },
    {
      "name": "CVE-2021-0690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
    },
    {
      "name": "CVE-2021-39634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
    },
    {
      "name": "CVE-2021-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
    },
    {
      "name": "CVE-2023-47537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
    },
    {
      "name": "CVE-2023-28002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
    },
    {
      "name": "CVE-2023-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
    },
    {
      "name": "CVE-2021-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
    },
    {
      "name": "CVE-2021-0968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
    },
    {
      "name": "CVE-2022-20500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
    },
    {
      "name": "CVE-2021-29647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
    },
    {
      "name": "CVE-2021-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
    },
    {
      "name": "CVE-2020-11301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
    },
    {
      "name": "CVE-2021-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
    },
    {
      "name": "CVE-2021-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
    },
    {
      "name": "CVE-2021-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2021-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
    },
    {
      "name": "CVE-2021-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
    },
    {
      "name": "CVE-2021-39627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
    },
    {
      "name": "CVE-2021-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2021-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
    },
    {
      "name": "CVE-2024-22041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2022-20473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
    },
    {
      "name": "CVE-2022-43947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
    },
    {
      "name": "CVE-2023-41841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
    },
    {
      "name": "CVE-2021-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
    },
    {
      "name": "CVE-2022-20483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2024-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2023-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
    },
    {
      "name": "CVE-2021-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
    },
    {
      "name": "CVE-2023-33301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
    },
    {
      "name": "CVE-2021-0476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
    },
    {
      "name": "CVE-2021-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
    },
    {
      "name": "CVE-2021-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
    },
    {
      "name": "CVE-2021-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
    },
    {
      "name": "CVE-2021-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
    },
    {
      "name": "CVE-2021-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
    },
    {
      "name": "CVE-2021-39633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
    },
    {
      "name": "CVE-2021-0587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
    },
    {
      "name": "CVE-2021-0952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
    },
    {
      "name": "CVE-2022-20476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
    },
    {
      "name": "CVE-2020-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
    },
    {
      "name": "CVE-2022-20472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
    },
    {
      "name": "CVE-2021-0326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
    },
    {
      "name": "CVE-2021-0929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
    },
    {
      "name": "CVE-2022-20227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
    },
    {
      "name": "CVE-2021-0336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
    },
    {
      "name": "CVE-2023-44250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
    },
    {
      "name": "CVE-2021-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
    },
    {
      "name": "CVE-2021-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
    },
    {
      "name": "CVE-2022-20355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
    },
    {
      "name": "CVE-2021-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
    },
    {
      "name": "CVE-2021-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
    },
    {
      "name": "CVE-2021-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
    },
    {
      "name": "CVE-2024-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
    },
    {
      "name": "CVE-2021-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-20130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
    },
    {
      "name": "CVE-2021-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
    },
    {
      "name": "CVE-2021-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
    },
    {
      "name": "CVE-2021-39621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2022-42469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
    },
    {
      "name": "CVE-2021-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
    },
    {
      "name": "CVE-2021-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2021-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2023-36555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
    },
    {
      "name": "CVE-2022-20422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
    },
    {
      "name": "CVE-2022-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
    },
    {
      "name": "CVE-2023-22640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
    },
    {
      "name": "CVE-2021-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
    },
    {
      "name": "CVE-2022-20469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
    },
    {
      "name": "CVE-2020-26558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
    },
    {
      "name": "CVE-2021-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
    },
    {
      "name": "CVE-2021-0682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
    },
    {
      "name": "CVE-2021-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
    },
    {
      "name": "CVE-2021-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2021-0683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
    },
    {
      "name": "CVE-2022-20411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-33307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
    },
    {
      "name": "CVE-2021-0328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
    },
    {
      "name": "CVE-2021-0684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
    },
    {
      "name": "CVE-2022-20466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
    },
    {
      "name": "CVE-2023-40718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2021-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
    },
    {
      "name": "CVE-2022-20127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
    },
    {
      "name": "CVE-2021-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
    },
    {
      "name": "CVE-2021-0584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2021-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
    },
    {
      "name": "CVE-2021-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
    },
    {
      "name": "CVE-2021-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
    },
    {
      "name": "CVE-2021-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
    },
    {
      "name": "CVE-2021-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
    },
    {
      "name": "CVE-2024-21483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
    },
    {
      "name": "CVE-2020-15436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
    },
    {
      "name": "CVE-2023-45793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
    },
    {
      "name": "CVE-2021-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
    },
    {
      "name": "CVE-2023-28001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
    },
    {
      "name": "CVE-2021-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
    },
    {
      "name": "CVE-2021-0337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
    },
    {
      "name": "CVE-2022-32257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2021-39623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
    },
    {
      "name": "CVE-2022-41330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
    },
    {
      "name": "CVE-2021-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
    },
    {
      "name": "CVE-2021-0325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
    },
    {
      "name": "CVE-2021-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
    },
    {
      "name": "CVE-2022-41334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
    },
    {
      "name": "CVE-2024-23113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
    },
    {
      "name": "CVE-2020-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2021-0302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
    },
    {
      "name": "CVE-2021-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
    },
    {
      "name": "CVE-2021-0305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
    },
    {
      "name": "CVE-2023-33308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2021-0431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
    },
    {
      "name": "CVE-2021-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
    },
    {
      "name": "CVE-2021-0474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
    },
    {
      "name": "CVE-2021-0930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
    },
    {
      "name": "CVE-2021-39626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
    },
    {
      "name": "CVE-2021-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    },
    {
      "name": "CVE-2023-37935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
    },
    {
      "name": "CVE-2021-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
    },
    {
      "name": "CVE-2024-22040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
    },
    {
      "name": "CVE-2021-0965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
    },
    {
      "name": "CVE-2021-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
    },
    {
      "name": "CVE-2021-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
    },
    {
      "name": "CVE-2021-0687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
    },
    {
      "name": "CVE-2021-0481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
    },
    {
      "name": "CVE-2021-0964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
    },
    {
      "name": "CVE-2021-0641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
    },
    {
      "name": "CVE-2021-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
    },
    {
      "name": "CVE-2021-0334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
    },
    {
      "name": "CVE-2021-0933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
    },
    {
      "name": "CVE-2021-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    },
    {
      "name": "CVE-2021-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-22039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
    },
    {
      "name": "CVE-2021-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
    },
    {
      "name": "CVE-2021-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
    },
    {
      "name": "CVE-2021-0692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
    },
    {
      "name": "CVE-2024-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
    },
    {
      "name": "CVE-2020-14381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
    }
  ],
  "initial_release_date": "2024-03-12T00:00:00",
  "last_revision_date": "2024-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0203",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
    }
  ]
}

CERTFR-2023-AVI-0824

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.13
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.9
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-104 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-120 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-139 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-184 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-318 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-41675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
    },
    {
      "name": "CVE-2023-41841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
    },
    {
      "name": "CVE-2023-33301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
    },
    {
      "name": "CVE-2023-36555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
    },
    {
      "name": "CVE-2023-37935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0824",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-104 du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-120 du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-139 du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-139"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-184 du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-184"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-318 du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-318"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-33301 (GCVE-0-2023-33301)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0203

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0824

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature