{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-42791",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Execute unauthorized code or commands",
                        "cweId": "CWE-23"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FortiManager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.4.0"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.2.0",
                                            "version_value": "7.2.3"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.0",
                                            "version_value": "7.0.8"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.4.0",
                                            "version_value": "6.4.12"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.2.0",
                                            "version_value": "6.2.11"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "FortiAnalyzer",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.4.0"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.2.0",
                                            "version_value": "7.2.3"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.0",
                                            "version_value": "7.0.8"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.4.0",
                                            "version_value": "6.4.12"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.2.0",
                                            "version_value": "6.2.11"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://fortiguard.com/psirt/FG-IR-23-189",
                "refsource": "MISC",
                "name": "https://fortiguard.com/psirt/FG-IR-23-189"
            }
        ]
    },
    "solution": [
        {
            "lang": "en",
            "value": "Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.0.7 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.4.8 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.2.6 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above \nPlease upgrade to FortiManager version 6.2.12 or above \nPlease upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.9 or above \nPlease upgrade to FortiAnalyzer version 6.4.13 or above \nPlease upgrade to FortiAnalyzer version 6.2.12 or above \n"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"
            }
        ]
    }
}