CVE-2023-42791

Relative Path Traversal (CWE-23)

Published: Feb 20, 2024 / Updated: 9mo ago

CVSS 8.8 / EPSS 0.04% / High

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-42791.

Oct 11, 2023 at 8:47 AM / www.auscert.org.au
CVE Assignment

NVD published the first details for CVE-2023-42791

Feb 20, 2024 at 6:15 AM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Feb 20, 2024 at 2:03 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 6.8%)

Feb 21, 2024 at 11:02 PM

Affected Systems

Fortinet/fortimanager

Attack Patterns

CAPEC-139: Relative Path Traversal

References

Rewterz Threat Advisory – Multiple Fortinet FortiManager and FortiAnalyzer Vulnerabilities
Fortinet FortiManager and FortiAnalyzer could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. Fortinet FortiManager and FortiAnalyzer could allow a remote authenticated attacker to bypass security restrictions, caused by a client-side enforcement of server-side security vulnerability.

News

CISA’s Weekly Summary – CVSS 10 Vulnerabilities in Progress’ LoadMaster and OpenEdge, Myriad Critical Flaws
Among the vulnerabilities outlined in this blog post are those affecting ScreenConnect, Fortinet products, GitLab, ProgressSoftware’s LoadMaster, Mastodon, the Fiber web framework, and Kubernetes Charts’ package manager Helm. This critical vulnerability enables unauthenticated remote attackers to gain access to the system via the LoadMaster management interface, allowing them to execute arbitrary system commands.
US-CERT Vulnerability Summary for the Week of February 19, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores: High: vulnerabilities with a CVSS base score of 7.0–10.0; Medium: vulnerabilities with a CVSS base score of 4.0–6.9; Low: vulnerabilities with a CVSS base score of 0.0–3.9. Entries may include additional information provided by organizations and efforts sponsored by CISA.
Vulnerability Summary for the Week of February 19, 2024
Vulnerability Summary for the Week of February 19, 2024 (cmartin, Feb 26, 2024). High Vulnerabilities, listed as Primary Vendor -- Product / Description / Published / CVSS Score / Source & Patch Info:
agronholm -- cbor2: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue. Published 2024-02-19, CVSS 7.5, CVE-2024-26134, security-advisories@github.com.
alfio-event -- alf.io: alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/ ` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue. Published 2024-02-19, CVSS 8.8, CVE-2024-25635, security-advisories@github.com.
alfio-event -- alf.io: alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events.
CVE-2023-42791
High Severity. Description: A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. Read more at https://www.tenable.com/cve/CVE-2023-42791

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
