Vulnerability Description
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 6.2.0, <= 6.2.12 |
| Fortinet | Fortimanager | >= 6.2.0, <= 6.2.12 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-23-187Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-ExploitThird Party Advisory
- https://fortiguard.com/psirt/FG-IR-23-187Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-ExploitThird Party Advisory
FAQ
What is CVE-2023-42787?
CVE-2023-42787 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote at...
How severe is CVE-2023-42787?
CVE-2023-42787 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42787?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortimanager.