{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48790", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-11-19T19:58:38.554Z", "datePublished": "2025-03-11T14:54:31.599Z", "dateUpdated": "2025-03-11T16:05:58.718Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiNDR", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.1", "status": "affected"}, {"versionType": "semver", "version": "7.1.0", "lessThanOrEqual": "7.1.1", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}, {"versionType": "semver", "version": "1.5.0", "lessThanOrEqual": "1.5.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-11T14:54:31.599Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T16:03:35.954580Z", "id": "CVE-2023-48790", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T16:05:58.718Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T16:03:35.954580Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T16:03:37.344Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiNDR", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.1"}, {"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.1"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}, {"status": "affected", "version": "1.5.0", "versionType": "semver", "lessThanOrEqual": "1.5.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"}], "descriptions": [{"lang": "en", "value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-11T14:54:31.599Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48790", "state": "PUBLISHED", "dateUpdated": "2025-03-11T16:05:58.718Z", "dateReserved": "2023-11-19T19:58:38.554Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-03-11T14:54:31.599Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "matchCriteriaId": "C41E06C7-CAA4-41C3-98CF-E8A277809E15", "versionEndExcluding": "7.0.6", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "matchCriteriaId": "E01D5B72-84FE-491A-9CE4-103B3DD3A0BD", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "matchCriteriaId": "960E2185-DD32-44A1-BF36-9B9C02ABE650", "versionEndIncluding": "7.2.2", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "086FE30C-813B-4990-BBDA-010CB3EBC6EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery [CWE-352] en Fortinet FortiNDR versi\u00f3n 7.4.0, 7.2.0 a 7.2.1 y 7.1.0 a 7.1.1 y anteriores a 7.0.5 puede permitir que un atacante remoto no autenticado ejecute acciones no autorizadas a trav\u00e9s de solicitudes HTTP GET manipuladas."}], "id": "CVE-2023-48790", "lastModified": "2025-07-22T21:22:45.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-11T15:15:40.227", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"created": "2025-07-12T22:31:44.225123+00:00", "updated": "2025-07-12T22:31:44.225200+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortindr"]}