CVE-2023-34984: Protection Mechanism Failure in Fortinet FortiWeb

Severity: 8.8 HIGH (NVD), 7.5 (CNA)
EPSS: 0.4% (top 41.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 13

Description

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, and 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet/fortiweb, 7.2.0 through 7.2.1 (+3)
NVD: fortinet/fortiweb, 6.3.6 through 6.3.23 (+3)

🔴 Vulnerability Details (2)

CVEList: CVE-2023-34984: A protection mechanism failure in Fortinet FortiWeb 7 (2023-09-13)
GHSA: GHSA-m4f8-h2j6-g2c3: A protection mechanism failure in Fortinet FortiWeb 7 (2023-09-13)

📋 Vendor Advisories (1)

Fortinet: A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6... (2023-09-13)