Lucene search
FortinetCVE-2023-25611HistoryMar 07, 2023 - 5:15 p.m.
CVE-2023-25611
2023-03-0717:15:12
CWE-1236
fortinet
web.nvd.nist.gov
19
cve
fortinet
fortianalyzer
csv
injection
vulnerability
security
nvd
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
Affected configurations
Node
fortinetfortianalyzerRange6.4.0–7.0.6
ORfortinetfortianalyzerRange7.2.0–7.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fortinet | fortianalyzer | * | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiAnalyzer",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.2.0",
"lessThanOrEqual": "7.2.1",
"status": "affected"
},
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.5",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.9",
"status": "affected"
}
]
}
]References
Related
fortinet
fortinet
FortiAnalyzer - CSV injection in macro name
2023-03-07 00:00:00
prion
prion
Input validation
2023-03-07 17:15:00
cvelist
cvelist
CVE-2023-25611
2023-03-07 16:04:36
nvd
nvd
CVE-2023-25611
2023-03-07 17:15:12
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for CVE-2023-25611