CVE-2023-25611 MEDIUM

CVE-2023-25611

Vendor Fortinet
Product FortiAnalyzer
Weakness CWE-1236
Published March 7, 2023
Last update October 22, 2024

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

What the vulnerability does

01Description

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.

Key dates

02Disclosure timeline

March 7, 2023 CVE published
October 22, 2024 Record updated