CVE-2023-45590

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-087	Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-087	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient:7.0.3:::::linux::
	cpe:2.3:a:fortinet:forticlient:7.0.4:::::linux::
	cpe:2.3:a:fortinet:forticlient:7.2.0:::::linux::

History

No history.

Information

Published : 2024-04-09 15:15

Updated : 2025-01-17 17:08

NVD link : CVE-2023-45590

Mitre link : CVE-2023-45590

CVE.ORG link : CVE-2023-45590

JSON object : View

Products Affected

fortinet

forticlient

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2023-45590", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-04-09T15:15:27.627", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-087", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://fortiguard.com/psirt/FG-IR-23-087", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website"}, {"lang": "es", "value": "Un control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Fortinet FortiClientLinux versi\u00f3n 7.2.0, 7.0.6 a 7.0.10 y 7.0.3 a 7.0.4 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados enga\u00f1ando a un usuario de FortiClientLinux para que visitar un sitio web malicioso"}], "lastModified": "2025-01-17T17:08:31.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "0A39CBD1-AAF7-4423-AA29-840CF0DBFD6E", "versionEndExcluding": "7.0.11", "versionStartIncluding": "7.0.6"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "14320E4A-2445-4930-A8D1-B768B7294B36"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "56EE5E2F-CB22-4294-9AA9-DDB344494D9B"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}