FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution

CVE-2023-47542

6.3MEDIUM

Key Information

Vendor
Fortinet
Status
Fortimanager
Vendor
CVE Published:
9 April 2024

Summary

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.

Affected Version(s)

FortiManager <= 7.4.1

FortiManager <= 7.2.4

FortiManager <= 7.0.10

Refferences

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.