PT-2023-27610 · Fortinet · Fortitester

Published 2023-12-12 · Updated 2023-12-15 · CVE-2023-40716

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiTester versions 2.3.0 through 7.2.3

Description

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup.

Recommendations

For FortiTester versions 2.3.0 through 7.2.3, consider disabling the execute restore/backup functionality until a patch is available to prevent exploitation. Restrict access to the command line interpreter to minimize the risk of unauthorized command execution. Avoid using specifically crafted arguments when running execute restore/backup until the issue is resolved.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2023-40716

Affected Products

Fortitester