CVE-2023-47542
EUVD-2023-5165309.04.2024, 15:15
A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortimanager | 7.0.0 ≤ 𝑥 < 7.0.11 |
| fortinet | fortimanager | 7.2.0 ≤ 𝑥 < 7.2.5 |
| fortinet | fortimanager | 7.4.0 ≤ 𝑥 < 7.4.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| fortinet | fortimanager | 7.4.0 ≤ 𝑥 ≤ 7.4.1 | ADP |
| fortinet | fortimanager | 7.2.0 ≤ 𝑥 ≤ 7.2.4 | ADP |
| fortinet | fortimanager | 7.0.0 ≤ 𝑥 < 7.0.10 | ADP |
Common Weakness Enumeration
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template EngineThe product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.