CVE-2023-23782Heap-based Buffer Overflow in Fortinet Fortiweb

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 65.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedFeb 16

Description

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.3.06.3.20+3
CVEListV5fortinet/fortiweb7.0.07.0.1+5

🔴Vulnerability Details

2
GHSA
GHSA-xh92-w56h-3jjm: A heap-based buffer overflow in Fortinet FortiWeb version 72023-02-16
CVEList
CVE-2023-23782: A heap-based buffer overflow in Fortinet FortiWeb version 72023-02-16

📋Vendor Advisories

1
Fortinet
A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, Fo...2023-02-16
CVE-2023-23782 — Heap-based Buffer Overflow in Fortinet | cvebase