CVE-2023-36554

A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-103 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*

History

15 Mar 2024, 15:23

Type Values Removed Values Added
References () https://fortiguard.com/psirt/FG-IR-23-103 - () https://fortiguard.com/psirt/FG-IR-23-103 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 9.8
Summary
  • (es) Un control de acceso inadecuado en Fortinet FortiManager versión 7.4.0, versión 7.2.0 a 7.2.3, versión 7.0.0 a 7.0.10, versión 6.4.0 a 6.4.13, 6.2 todas las versiones permite a un atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas.
CPE cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
First Time Fortinet fortimanager
Fortinet

12 Mar 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-12 15:15

Updated : 2024-03-15 15:23


NVD link : CVE-2023-36554

Mitre link : CVE-2023-36554

CVE.ORG link : CVE-2023-36554


JSON object : View

Products Affected

fortinet

  • fortimanager
CWE
CWE-284

Improper Access Control