CVE-2023-40723
Published: 11 March 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2023-40723 is an exposure of sensitive information vulnerability (CWE-200) affecting Fortinet FortiSIEM across multiple versions, including 6.7.0 through 6.7.4, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, 6.4.0 through 6.4.2, 6.3.0 through 6.3.3, 6.2.0 through 6.2.1, 6.1.0 through 6.1.2, 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, and 5.1.0 through 5.1.3. The issue enables an attacker to execute unauthorized code or commands via an API request. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite elevated complexity.
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network, though it demands high attack complexity. Successful exploitation grants the attacker the ability to execute unauthorized code or commands, compromising confidentiality, integrity, and availability at a high level within the affected FortiSIEM instance.
The Fortinet PSIRT advisory FG-IR-23-117 at https://fortiguard.com/psirt/FG-IR-23-117 provides further details on patches and mitigation strategies.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote unauthenticated attackers to execute unauthorized code or commands via API requests on a public-facing FortiSIEM instance, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059 (Command and Scripting Interpreter) for execution.