Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-40716: Fortiguard

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .

CVE
Open in Source
#vulnerability#auth

FortiTester - command injection in “execute restore/backup” CLI commands

Summary

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .

Version

Affected

Solution

FortiTester 7.3

Not affected

Not Applicable

FortiTester 7.2

7.2 all versions

Migrate to a fixed release

FortiTester 7.1

7.1 all versions

Migrate to a fixed release

FortiTester 7.0

7.0 all versions

Migrate to a fixed release

FortiTester 4.2

4.2 all versions

Migrate to a fixed release

FortiTester 4.1

4.1 all versions

Migrate to a fixed release

FortiTester 4.0

4.0 all versions

Migrate to a fixed release

FortiTester 3.9

3.9 all versions

Migrate to a fixed release

FortiTester 3.8

3.8 all versions

Migrate to a fixed release

FortiTester 3.7

3.7 all versions

Migrate to a fixed release

FortiTester 3.6

3.6 all versions

Migrate to a fixed release

FortiTester 3.5

3.5 all versions

Migrate to a fixed release

FortiTester 3.4

3.4 all versions

Migrate to a fixed release

FortiTester 3.3

3.3 all versions

Migrate to a fixed release

FortiTester 3.2

3.2 all versions

Migrate to a fixed release

FortiTester 3.1

3.1 all versions

Migrate to a fixed release

FortiTester 3.0

3.0 all versions

Migrate to a fixed release

FortiTester 2.9

2.9 all versions

Migrate to a fixed release

FortiTester 2.8

2.8 all versions

Migrate to a fixed release

FortiTester 2.7

2.7 all versions

Migrate to a fixed release

FortiTester 2.6

2.6 all versions

Migrate to a fixed release

FortiTester 2.5

2.5 all versions

Migrate to a fixed release

FortiTester 2.4

2.4 all versions

Migrate to a fixed release

FortiTester 2.3

2.3 all versions

Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.

Timeline

2023-12-01: Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE