CVE-2023-27995 HIGH

CVE-2023-27995

Vendor Fortinet

Product FortiSOAR

Weakness CWE-1336

Published April 11, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

What the vulnerability does

01Description

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.

Key dates

02Disclosure timeline

April 11, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-27995 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/1336.html

Related vulnerabilities

04Related CVE

CVE-2023-5764 Ansible: template injection CVE-2025-2040 zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape CVE-2026-49382 CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory