CVE-2023-40723
Published: 11 March 2025
Summary
CVE-2023-40723 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Fortinet Fortisiem. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2023-40723 by requiring timely identification, reporting, and patching of the specific flaw exposing sensitive information via API requests.
Identifies CVE-2023-40723 through regular vulnerability scanning of FortiSIEM systems, enabling proactive remediation before exploitation.
Addresses exploitation of the API vulnerability by validating inputs to prevent crafted requests that trigger sensitive information exposure leading to code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote unauthenticated attackers to execute unauthorized code or commands via API requests on a public-facing FortiSIEM instance, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059 (Command and Scripting Interpreter) for execution.
NVD Description
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2…
more
and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request.
Deeper analysisAI
CVE-2023-40723 is an exposure of sensitive information vulnerability (CWE-200) affecting Fortinet FortiSIEM across multiple versions, including 6.7.0 through 6.7.4, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, 6.4.0 through 6.4.2, 6.3.0 through 6.3.3, 6.2.0 through 6.2.1, 6.1.0 through 6.1.2, 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, and 5.1.0 through 5.1.3. The issue enables an attacker to execute unauthorized code or commands via an API request. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite elevated complexity.
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network, though it demands high attack complexity. Successful exploitation grants the attacker the ability to execute unauthorized code or commands, compromising confidentiality, integrity, and availability at a high level within the affected FortiSIEM instance.
The Fortinet PSIRT advisory FG-IR-23-117 at https://fortiguard.com/psirt/FG-IR-23-117 provides further details on patches and mitigation strategies.
Details
- CWE(s)