Unauthorized Code Execution via SQL Injection in FortiSOAR
CVE-2023-23775

5.9 MEDIUM

Key Information:

Vendor: Fortinet
Status: Vendor
CVE Published: 11 June 2024

Summary

The vulnerabilities in FortiSOAR arise from multiple instances of improper handling of special elements in SQL commands, a weakness class known as SQL injection. An authenticated attacker can execute unauthorized commands by sending specially crafted string parameters. This may have severe implications for data integrity and system security, so affected installations should be remediated promptly.

Affected Version(s)

FortiSOAR 7.2.0

FortiSOAR 7.0.0 <= 7.0.3

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
