CVE-2023-41677

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-493	Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-493	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

History

12 Dec 2024, 19:22

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/psirt/FG-IR-23-493 -~~	() https://fortiguard.com/psirt/FG-IR-23-493 - Vendor Advisory
CPE		cpe:2.3:o:fortinet:fortios:::::::: cpe:2.3:a:fortinet:fortiproxy::::::::
First Time		Fortinet fortiproxy Fortinet Fortinet fortios

21 Nov 2024, 08:21

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/psirt/FG-IR-23-493 -~~	() https://fortiguard.com/psirt/FG-IR-23-493 -

Information

Published : 2024-04-09 15:15

Updated : 2024-12-12 19:22

NVD link : CVE-2023-41677

Mitre link : CVE-2023-41677

CVE.ORG link : CVE-2023-41677

JSON object : View

Products Affected

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2023-41677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-04-09T15:15:27.400", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-493", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://fortiguard.com/psirt/FG-IR-23-493", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack"}, {"lang": "es", "value": "Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6 , 1.0.0 a 1.0.7, Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17 permite al atacante ejecutar c\u00f3digo o comandos no autorizados mediante un ataque de ingenier\u00eda social dirigido"}], "lastModified": "2024-12-12T19:22:04.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A966233A-245A-4256-A142-84FACB98EE4E", "versionEndExcluding": "7.0.14", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469D97BA-282C-4875-A156-FDA00B5B4093", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8AA0CE6-3E57-47D9-8318-215F0C4A2031", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9BCDC86-176E-401A-B188-F77E22BCFC2D", "versionEndExcluding": "6.2.16", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E29353F-8791-4117-BA7A-E32FAB8348A4", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25F9C04-C7FD-4B1F-A194-CA69E5DE903C", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}