{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46720", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-10-25T08:43:15.290Z", "datePublished": "2024-06-11T14:32:00.582Z", "dateUpdated": "2024-06-14T03:55:22.962Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.7", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.12", "status": "affected"}, {"versionType": "semver", "version": "6.4.6", "lessThanOrEqual": "6.4.15", "status": "affected"}, {"versionType": "semver", "version": "6.2.9", "lessThanOrEqual": "6.2.16", "status": "affected"}, {"versionType": "semver", "version": "6.0.13", "lessThanOrEqual": "6.0.18", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-06-11T14:32:00.582Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \n"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.7", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.12", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.4.6", "status": "affected", "lessThanOrEqual": "6.4.15", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.2.9", "status": "affected", "lessThanOrEqual": "6.2.16", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.0.13", "status": "affected", "lessThanOrEqual": "6.0.18", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2023-46720"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T03:55:22.962Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en Fortinet FortiOS versi\u00f3n 7.4.0 a 7.4.1 y 7.2.0 a 7.2.7 y 7.0.0 a 7.0.12 y 6.4.6 a 6.4.15 y 6.2.9 a 6.2.16 y Las versiones 6.0.13 a 6.0.18 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de comandos CLI especialmente manipulados."}], "id": "CVE-2023-46720", "lastModified": "2024-06-13T18:36:45.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2024-06-11T15:15:55.087", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}