CVE-2023-41677
EUVD-2023-4616909.04.2024, 15:15
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attackEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiproxy | 1.0.0 ≤ 𝑥 < 7.0.14 |
| fortinet | fortiproxy | 7.2.0 ≤ 𝑥 < 7.2.8 |
| fortinet | fortiproxy | 7.4.0 ≤ 𝑥 < 7.4.2 |
| fortinet | fortios | 6.0.0 ≤ 𝑥 < 6.2.16 |
| fortinet | fortios | 6.4.0 ≤ 𝑥 < 6.4.15 |
| fortinet | fortios | 7.0.0 ≤ 𝑥 < 7.0.13 |
| fortinet | fortios | 7.2.0 ≤ 𝑥 < 7.2.7 |
| fortinet | fortios | 7.4.0 ≤ 𝑥 < 7.4.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| fortinet | fortios | 6.0.0 ≤ 𝑥 ≤ 6.0.18 | ADP |
| fortinet | fortios | 6.2.0 ≤ 𝑥 ≤ 6.2.15 | ADP |
| fortinet | fortios | 6.4.0 ≤ 𝑥 ≤ 6.4.14 | ADP |
| fortinet | fortios | 7.0.0 ≤ 𝑥 ≤ 7.0.12 | ADP |
| fortinet | fortios | 7.2.0 ≤ 𝑥 ≤ 7.2.6 | ADP |
| fortinet | fortios | 7.4.0 ≤ 𝑥 ≤ 7.4.1 | ADP |
| fortinet | fortiproxy | 1.0.0 ≤ 𝑥 ≤ 1.0.7 | ADP |
| fortinet | fortiproxy | 1.1.0 ≤ 𝑥 ≤ 1.1.6 | ADP |
| fortinet | fortiproxy | 1.2.0 ≤ 𝑥 ≤ 1.2.13 | ADP |
| fortinet | fortiproxy | 2.0.0 ≤ 𝑥 ≤ 2.0.14 | ADP |
| fortinet | fortiproxy | 7.0.0 ≤ 𝑥 ≤ 7.0.13 | ADP |
| fortinet | fortiproxy | 7.2.0 ≤ 𝑥 ≤ 7.2.7 | ADP |
| fortinet | fortiproxy | 7.4.0 ≤ 𝑥 ≤ 7.4.1 | ADP |
Common Weakness Enumeration