CVE-2023-41842 - Vulnerability Details

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortianalyzer Fortianalyzer Big Data Fortimanager Fortiportal

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer_big_data::::::::
	cpe:2.3:a:fortinet:fortianalyzer_big_data::::::::
	cpe:2.3:a:fortinet:fortianalyzer_big_data::::::::
	cpe:2.3:a:fortinet:fortianalyzer_big_data:6.2.5:::::::*
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-304

History

Fri, 11 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet fortianalyzer Big Data
CPEs	cpe:2.3:a:fortinet:fortianalyzer_bigdata:::::::: cpe:2.3:a:fortinet:fortianalyzer_bigdata:6.2.5:::::::*	cpe:2.3:a:fortinet:fortianalyzer_big_data:::::::: cpe:2.3:a:fortinet:fortianalyzer_big_data:6.2.5:::::::*
Vendors & Products	Fortinet fortianalyzer Bigdata	Fortinet fortianalyzer Big Data

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-03-12T15:09:16.279Z

Updated: 2024-08-12T18:09:17.558Z

Reserved: 2023-09-04T08:12:52.814Z

Link: CVE-2023-41842

Vulnrichment

Updated: 2024-08-02T19:09:49.300Z

NVD

Status : Analyzed

Published: 2024-03-12T15:15:45.920

Modified: 2025-07-11T20:06:38.330

Link: CVE-2023-41842

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object