PT-2024-3043 · Fortinet · FortiManager

Published

2024-04-09

·

Updated

2025-01-17

·

CVE-2023-47542

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiManager versions 7.4.1 and below
FortiManager versions 7.2.4 and below
FortiManager versions 7.0.10 and below
Description

The issue is an improper neutralization of special elements used in a template engine: template syntax supplied by a user is interpreted rather than treated as data, so an attacker who can create or modify templates can execute unauthorized code or commands on the FortiManager host via a specially crafted template. The CVSS vector (AV:L, Au:S) indicates that exploitation requires an authenticated account with template-authoring access; a successful exploit yields full compromise of confidentiality, integrity and availability (C:C/I:C/A:C).
Recommendations

For FortiManager versions 7.4.1 and below, update to a version above 7.4.1.
For FortiManager versions 7.2.4 and below, update to a version above 7.2.4.
For FortiManager versions 7.0.10 and below, update to a version above 7.0.10.

As a temporary workaround until the update can be applied, restrict which accounts may create or edit templates and limit access to the template engine to trusted administrators; this reduces exposure but does not remove the underlying weakness.
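The weakness class described above, as an added illustration for this entry (this is not FortiManager's template engine, whose implementation is not public, and not code from Fortinet or the advisory): a minimal renderer that evaluates whatever sits between its special elements, beside a hardened renderer that treats placeholders as allowlisted lookups, plus the probe a pentester uses to tell the two apart. Function names, the `{{ }}` delimiter and the sample device name are assumptions made for the example.

```python
import re

# Added illustration for this entry: a minimal template renderer written here,
# NOT FortiManager's engine (that implementation is not public). It reproduces
# the weakness class in the description: the engine's special elements are not
# neutralised, so a crafted template executes code instead of filling in data.

TAG = re.compile(r"\{\{(.*?)\}\}")              # the engine's special element
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # what a safe placeholder may contain


def render_vulnerable(template: str, ctx: dict) -> str:
    """Vulnerable: every {{ expr }} is handed to eval(), so anyone who can author
    a template runs arbitrary Python with the renderer's privileges."""
    return TAG.sub(lambda m: str(eval(m.group(1).strip(), {}, dict(ctx))), template)


def render_hardened(template: str, ctx: dict) -> str:
    """Hardened: {{ name }} is a lookup of a bare identifier in an explicit
    allowlist of variables. Anything else is rejected rather than evaluated,
    and the value is inserted verbatim (never re-rendered), so data that
    happens to contain '{{' stays data."""
    def lookup(m):
        key = m.group(1).strip()
        if not IDENT.match(key) or key not in ctx:
            raise ValueError(f"rejected template expression: {key!r}")
        return str(ctx[key])
    return TAG.sub(lookup, template)


def build_unsafe(device_name: str) -> str:
    """Wrong pattern: user-controlled data is spliced into the template text,
    so the data becomes part of the template and gets evaluated."""
    return render_vulnerable("Device: " + device_name, {})


def build_safe(device_name: str) -> str:
    """Right pattern: the template is a constant authored by the application;
    user data only ever travels through the context dictionary."""
    return render_hardened("Device: {{ name }}", {"name": device_name})


def ssti_probe(render) -> bool:
    """The classic pentest probe: if '{{ 7*7 }}' comes back as '49', the engine
    evaluated attacker-supplied template syntax. A renderer that rejects or
    echoes the probe passes."""
    try:
        return render("{{ 7*7 }}", {}) == "49"
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed input: a device name an authenticated user might type in.
    payload = "{{ __import__('os').name }}"
    print("vulnerable:", build_unsafe(payload))               # code ran: prints the OS name
    print("hardened:  ", build_safe(payload))                 # data stayed data
    print("probe vulnerable:", ssti_probe(render_vulnerable))  # True
    print("probe hardened:  ", ssti_probe(render_hardened))    # False
```

The probe is the check to run against any template feature reachable by a low-privilege account: a `49` in the output means the renderer, not the application, decides what the template does. The workaround in the recommendations (limiting who may author templates) shrinks the set of accounts that can submit the probe, which matches the Au:S in the vector, but only the hardened pattern removes the code path.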

Fix

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2024-03227
CVE-2023-47542

Affected Products

FortiManager