PT-2024-2113 · Fortinet · FortiAnalyzer +3

Published: 2024-03-12 · Updated: 2024-03-21 · CVE-2023-41842

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiManager versions 7.2.0 through 7.2.3, 7.4.0 through 7.4.1, and before 7.0.10
Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3, 7.4.0 through 7.4.1, and before 7.0.10
Fortinet FortiAnalyzer-BigData before 7.2.5
Fortinet FortiPortal version 5.3 and version 6.0
Description
The affected products use an externally-controlled format string (CWE-134): a command argument supplied by the caller reaches a format function as the format string itself rather than as data. A privileged attacker can exploit this to execute unauthorized code or commands via specially crafted command arguments.
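As an added illustration of the CWE-134 pattern the description names (this is not Fortinet's code; the wrapper, function names and inputs are hypothetical), the vulnerable call that hands an untrusted command argument to a format function as its format string, beside the hardened call and a boundary check that flags format directives in data that should be plain text:

```c
/* Hypothetical illustration of the CWE-134 pattern in the description: an
 * externally supplied command argument used as a format string. Not Fortinet code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Typical logging wrapper: callers are meant to pass a literal format string. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable form: the untrusted argument IS the format string, so its '%'
 * directives are interpreted and unpassed variadic arguments are read (CWE-134). */
int log_arg_vulnerable(char *out, size_t n, const char *arg)
{
    return log_fmt(out, n, arg);
}

/* Hardened form: the argument is only ever data for a fixed "%s". */
int log_arg_fixed(char *out, size_t n, const char *arg)
{
    return log_fmt(out, n, "%s", arg);
}

/* Boundary check: count conversion directives in a string that should be
 * plain data ("%%" is a literal percent sign and is not counted). */
int count_directives(const char *s)
{
    int count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] == '%') s += 2;
        else { count++; s++; }
    }
    return count;
}

/* Render `arg` through the chosen path and compare with `expected`. The constructed
 * input "100%% done" is harmless yet the vulnerable path rewrites it, proving the
 * argument was parsed as a format string rather than copied as data. */
int renders_as(int use_fixed, const char *arg, const char *expected)
{
    char out[64];
    if (use_fixed) log_arg_fixed(out, sizeof out, arg);
    else           log_arg_vulnerable(out, sizeof out, arg);
    return strcmp(out, expected) == 0;
}
```

With a real directive such as %s in the argument, the vulnerable path would read variadic arguments that were never passed, which is the defect the fixed form and the boundary check close off.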
Recommendations
For Fortinet FortiManager versions 7.2.0 through 7.2.3, 7.4.0 through 7.4.1, and before 7.0.10, update to a version that includes the fix for this issue.
For Fortinet FortiAnalyzer versions 7.2.0 through 7.2.3, 7.4.0 through 7.4.1, and before 7.0.10, update to a version that includes the fix for this issue.
For Fortinet FortiAnalyzer-BigData before 7.2.5, update to version 7.2.5 or later.
For Fortinet FortiPortal version 5.3 and version 6.0, consider disabling the vulnerable functionality until a patch is available. At the moment, there is no information about a newer version of Fortinet FortiPortal that contains a fix for this vulnerability.

Weakness Enumeration
Use of Externally-Controlled Format String (CWE-134)

Related Identifiers
BDU:2024-02009
CVE-2023-41842

Affected Products

FortiAnalyzer
FortiAnalyzer-BigData
FortiManager
FortiPortal