FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution
CVE-2023-47542
6.3MEDIUM
Summary
A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
Affected Version(s)
FortiManager <= 7.4.1
FortiManager <= 7.2.4
FortiManager <= 7.0.10
Refferences
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database