Unauthorized Code Execution via Targeted Social Engineering Attack
CVE-2023-41677

8.8HIGH

Key Information:

Vendor: Fortinet
Status: FortiOS; Fortiproxy
Vendor: CVE Published:; 9 April 2024

Summary

A vulnerability has been identified in Fortinet's FortiProxy and FortiOS products due to insufficiently protected credentials. This weakness allows an attacker to potentially execute unauthorized code or commands through a targeted social engineering attack. The affected versions span multiple releases of both FortiProxy and FortiOS, necessitating immediate action from users to mitigate potential threats associated with compromised credential protection.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.1

FortiOS 7.2.0 <= 7.2.6

FortiOS 7.0.0 <= 7.0.12

References

https://fortiguard.com/psirt/FG-IR-23-493

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Aug 30, 2023