Unauthorized Code Execution via Targeted Social Engineering Attack

CVE-2023-41677

7.5HIGH

Key Information

Vendor: Fortinet
Status: FortiOS; Fortiproxy
Vendor: CVE Published:; 9 April 2024

Summary

A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack

Affected Version(s)

FortiOS <= 7.4.1

FortiOS <= 7.2.6

FortiOS <= 7.0.12

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 9, 2024
Vulnerability Reserved.
Aug 30, 2023

Collectors

NVD DatabaseMitre Database