CVE-2023-42788

Name of the Vulnerable Software and Affected Versions FortiManager & FortiAnalyzer version 7.4.0 FortiManager & FortiAnalyzer versions 7.2.0 through 7.2.3 FortiManager & FortiAnalyzer versions 7.0.0 through 7.0.8 FortiManager & FortiAnalyzer versions 6.4.0 through 6.4.12 FortiManager & FortiAnalyzer versions 6.2.0 through 6.2.11

Description The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. This is due to insufficient checking of arguments passed to a command.

Recommendations For version 7.4.0, update to a version that includes a fix for this issue. For versions 7.2.0 through 7.2.3, update to a version that includes a fix for this issue. For versions 7.0.0 through 7.0.8, update to a version that includes a fix for this issue. For versions 6.4.0 through 6.4.12, update to a version that includes a fix for this issue. For versions 6.2.0 through 6.2.11, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the CLI command to minimize the risk of exploitation.