cvelistv5 - cve-2023-48782

CVE-2023-48782 (GCVE-0-2023-48782)

Vulnerability from cvelistv5

Published

2023-12-13 06:37

Modified

2026-02-25 16:12

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F

CWE

CWE-78 - Execute unauthorized code or commands

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

References

URL

	Vendor	Product	Version
	Fortinet	FortiWLM	Version: 8.6.0 ≤ 8.6.5

CERTFR-2023-AVI-1018

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.6
Fortinet	FortiMail	FortiMail 6.0.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 2.6.x toutes versions
Fortinet	N/A	FortiNDR 1.1.x toutes versions
Fortinet	FortiSandbox	FortiSandbox versions 3.0.x antérieures à 3.0.4
Fortinet	N/A	FortiTester 3.5.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.11
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS 6.4.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.0.x toutes versions
Fortinet	FortiSwitch	FortiSwitch 6.2.x toutes versions
Fortinet	FortiADC	FortiADC 6.2.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	FortiRecorder	FortiRecorder 2.6.x toutes versions
Fortinet	N/A	FortiTester 3.2.x toutes versions
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet	FortiADC	FortiADC 6.0.x toutes versions
Fortinet	N/A	FortiTester 7.1.x toutes versions
Fortinet	FortiOS	FortiOS 6.0.x toutes versions
Fortinet	FortiRecorder	FortiRecorder 2.7.x toutes versions
Fortinet	FortiSandbox	FortiSandbox 3.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC 7.0.x toutes versions
Fortinet	N/A	FortiTester 2.5.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.3
Fortinet	FortiSandbox	FortiSandbox 4.0.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 3.9.x toutes versions
Fortinet	N/A	FortiTester 4.1.x toutes versions
Fortinet	N/A	FortiNDR versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSandbox	FortiSandbox 3.2.x toutes versions
Fortinet	N/A	FortiNDR 1.2.x toutes versions
Fortinet	FortiOS	FortiOS 7.0.x toutes versions
Fortinet	N/A	FortiTester 3.7.x toutes versions
Fortinet	FortiADC	FortiADC 7.1.x toutes versions
Fortinet	FortiMail	FortiMail 6.2.x toutes versions
Fortinet	N/A	FortiTester 3.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiWeb	FortiWeb 6.3.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	N/A	FortiTester 2.7.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	N/A	FortiTester 2.3.x toutes versions
Fortinet	N/A	FortiVoice versions 6.4.x antérieures à 6.4.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiTester 2.8.x toutes versions
Fortinet	N/A	FortiNDR 1.3.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiNDR versions 7.1.x antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester 7.2.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.3
Fortinet	FortiSwitch	FortiSwitch 6.0.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	N/A	FortiTester 2.9.x toutes versions
Fortinet	N/A	FortiVoice versions 6.0.x antérieures à 6.0.12
Fortinet	FortiADC	FortiADC 6.1.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.13
Fortinet	FortiPAM	FortiPAM 1.0.x toutes versions
Fortinet	N/A	FortiTester 2.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.12
Fortinet	N/A	FortiTester 4.0.x toutes versions
Fortinet	N/A	FortiTester 4.2.x toutes versions
Fortinet	N/A	FortiTester 3.1.x toutes versions
Fortinet	N/A	FortiNDR 1.5.x toutes versions
Fortinet	FortiWeb	FortiWeb 6.2.x toutes versions
Fortinet	N/A	FortiNDR 1.4.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.2
Fortinet	N/A	FortiTester 3.8.x toutes versions
Fortinet	N/A	FortiTester 3.6.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.3
Fortinet	N/A	FortiTester 3.3.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiTester 3.0.x toutes versions
Fortinet	N/A	FortiWLM versions 8.6.x antérieures à 8.6.6
Fortinet	FortiSandbox	FortiSandbox 4.2.x toutes versions
Fortinet	N/A	FortiTester 7.0.x toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-138 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-270 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-214 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-196 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-360 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-439 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-425 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-038 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-256 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-345 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-432 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-450 du 12 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.0.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.2.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.2.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.6.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.7.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.1.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.0.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.2.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.3.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.0.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0.x toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.2.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
    },
    {
      "name": "CVE-2023-47539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
    },
    {
      "name": "CVE-2023-40716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
    },
    {
      "name": "CVE-2023-41678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
    },
    {
      "name": "CVE-2023-46713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
    },
    {
      "name": "CVE-2023-48782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
    },
    {
      "name": "CVE-2023-41844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
    },
    {
      "name": "CVE-2023-41673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
    },
    {
      "name": "CVE-2022-27488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
    },
    {
      "name": "CVE-2023-48791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2023-45587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
    }
  ],
  "initial_release_date": "2023-12-13T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted