CVE-2023-23783Use of Externally-Controlled Format String in Fortinet Fortiweb

CWE-134Use of Externally-Controlled Format String4 documents4 sources
Severity
7.8HIGHNVD
CNA6.7
EPSS
0.1%
top 84.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedFeb 16

Description

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.4.06.4.2+1
CVEListV5fortinet/fortiweb7.0.07.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-w3gc-crw4-rmrm: A use of externally-controlled format string in Fortinet FortiWeb version 72023-02-16
CVEList
CVE-2023-23783: A use of externally-controlled format string in Fortinet FortiWeb version 72023-02-16

📋Vendor Advisories

1
Fortinet
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions...2023-02-16
CVE-2023-23783 — Fortinet Fortiweb vulnerability | cvebase