CVE-2023-42787

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 10, 2023

Updated: Dec 21, 2023

CWE ID 602

Summary

CVE-2023-42787 is a client-side enforcement of server-side security vulnerability [CWE-602]. Affecting Fortinet FortiManager versions 7.4.0 and below 7.2.3, as well as FortiAnalyzer versions 7.4.0 and below 7.2.3, this issue permits a remote attacker with minimal privileges to execute client-side code, ultimately granting them access to the privileged web console. This flaw poses a significant risk, allowing unauthorized access and potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiManager
FortiAnalyzer

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/srrgVO
https://www.cve.org/CVERecord?id=CVE-2023-42787
https://nvd.nist.gov/vuln/detail/CVE-2023-42787

Back to Vulnerability Database