CVE-2023-40714

Published: Apr 2, 2025Modified: Jul 15, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

Affected (4)

Products: Fortinet: Fortisiem

Fortinet

1 product

Fortisiem

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisiem	From 6.4.0 to 6.5.1
Fortinet Fortisiem	From 6.6.0 to 6.6.3
Fortinet Fortisiem	From 6.7.0 to 6.7.3
Fortinet Fortisiem	Version 7.0.0

Related CWEs

CWE-23

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (1)

https://fortiguard.com/psirt/FG-IR-23-085

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.