CVE-2023-23780Stack-based Buffer Overflow in Fortinet Fortiweb

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
CNA8.0
EPSS
0.5%
top 34.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedFeb 16

Description

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.3.06.3.20+2
CVEListV5fortinet/fortiweb7.0.07.0.1+2

🔴Vulnerability Details

2
CVEList
CVE-2023-23780: A stack-based buffer overflow in Fortinet FortiWeb version 72023-02-16
GHSA
GHSA-x3xx-vqcp-f76g: A stack-based buffer overflow in Fortinet FortiWeb version 72023-02-16

📋Vendor Advisories

1
Fortinet
A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through...2023-02-16
CVE-2023-23780 — Stack-based Buffer Overflow | cvebase