Description
An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- E: X
- RL: X
- RC: X
Affected products
- fortinet / fortisoar 7.3.0 – 7.3.1
References
- VENDOR_ADVISORY: https://fortiguard.com/psirt/FG-IR-23-051