CVE-2023-41838

Name of the Vulnerable Software and Affected Versions FortiManager versions 7.2.0 through 7.2.3 FortiManager version 7.4.0

Description The issue is related to an improper neutralization of special elements used in an os command, which may allow an attacker to execute unauthorized code or commands via the FortiManager cli. This can be exploited due to insufficient checking of arguments passed to a command, potentially enabling an attacker to execute arbitrary commands or code.

Recommendations For FortiManager versions 7.2.0 through 7.2.3, consider disabling the vulnerable command execution functionality until a patch is available. For FortiManager version 7.4.0, restrict access to the FortiManager cli to minimize the risk of exploitation. As a temporary workaround, avoid using the FortiManager cli for executing commands that may contain special elements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.