CVE-2023-41842
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-41842
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部控制的格式字符串
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fortinet 多款产品 格式化字符串错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fortinet FortiManager等都是美国飞塔(Fortinet)公司的产品。Fortinet FortiManager是一套集中化网络安全管理平台。Fortinet FortiAnalyzer是一套集中式网络安全报告解决方案。Fortinet FortiPortal是FortiGate、FortiWiFi 和 FortiAP 产品线的高级、功能丰富的托管安全分析和管理支持工具,可作为虚拟机供 MSP 使用。 Fortinet 多款产品存在格式化字符串错误漏洞。攻击者利用该漏洞可以通过特制命令参
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Fortinet | FortiPortal | 6.0.0 ~ 6.0.14 | cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:* | |
| Fortinet | FortiAnalyzer-BigData | 7.2.0 ~ 7.2.5 | cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.5:*:*:*:*:*:*:* | |
| Fortinet | FortiAnalyzer | 7.4.0 ~ 7.4.1 | cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* | |
| Fortinet | FortiManager | 7.4.0 ~ 7.4.1 | cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
II. Public POCs for CVE-2023-41842
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-41842
请登录查看更多情报信息。
Same Patch Batch · Fortinet · 2024-03-12 · 9 CVEs total
| CVE-2023-48788 | 9.3 CRITICAL | Fortinet FortiClientEMS SQL注入漏洞 |
| CVE-2023-42789 | 9.3 CRITICAL | Fortinet FortiOS 缓冲区错误漏洞 |
| CVE-2023-47534 | 8.7 HIGH | Fortinet FortiClientEMS 安全漏洞 |
| CVE-2023-42790 | 7.7 HIGH | Fortinet FortiOS 安全漏洞 |
| CVE-2023-36554 | 7.7 HIGH | Fortinet FortiManager 访问控制错误漏洞 |
| CVE-2024-23112 | 7.2 HIGH | Fortinet FortiOS 和 FortiProxy 安全漏洞 |
| CVE-2023-46717 | 6.7 MEDIUM | Fortinet FortiOS 授权问题漏洞 |
| CVE-2024-21761 | 3.9 LOW | Fortinet FortiPortal 授权问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-134
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-6539
Notepad++ 8.9.3 Format String Injection via nativeLang.xml - CVE-2026-6843
Nano: nano: format string vulnerability leads to denial of s - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2026-33210
Ruby JSON has a format string injection vulnerability
V. Comments for CVE-2023-41842
No comments yet