SB20240312318 - CSV injection in FortiClientEMS log download feature
Published: March 12, 2024
Security Bulletin ID
SB20240312318
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Output Neutralization for Logs (CVE-ID: CVE-2023-47534)
The vulnerability allows a remote attacker to manipulate contents of log files.
The vulnerability exists due to improper input validation within the log download feature. A remote non-authenticated attacker can manipulate contents of the log files in SCV format and inject arbitrary formulas into it.
Remediation
Install update from vendor's website.