CVE Vulnerabilities

CVE-2023-42787

Published: Oct 10, 2023 | Modified: Dec 21, 2023
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client-side code execution.

Affected Software

Name | Vendor | Start Version | End Version
Fortianalyzer | Fortinet | 6.2.0 (including) | 6.2.12 (including)
Fortianalyzer | Fortinet | 6.4.0 (including) | 6.4.13 (including)
Fortianalyzer | Fortinet | 7.0.0 (including) | 7.0.9 (including)
Fortianalyzer | Fortinet | 7.2.0 (including) | 7.2.3 (including)
Fortianalyzer | Fortinet | 7.4.0 (including) | 7.4.0 (including)
Fortimanager | Fortinet | 6.2.0 (including) | 6.2.12 (including)
Fortimanager | Fortinet | 6.4.0 (including) | 6.4.13 (including)
Fortimanager | Fortinet | 7.0.0 (including) | 7.0.9 (including)
Fortimanager | Fortinet | 7.2.0 (including) | 7.2.3 (including)
Fortimanager | Fortinet | 7.4.0 (including) | 7.4.0 (including)

References