CVE-2023-42784Improper Handling of Syntactically Invalid Structure in Fortinet Fortiweb

CWE-228Improper Handling of Syntactically Invalid Structure4 documents4 sources
Severity
9.8CRITICALNVD
CNA5.6
EPSS
0.1%
top 66.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedMar 11

Description

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb7.0.07.4.7
CVEListV5fortinet/fortiweb7.4.07.4.7+2

🔴Vulnerability Details

2
GHSA
GHSA-5wr9-jp8m-f367: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 72025-03-11
CVEList
CVE-2023-42784: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 72025-03-11

📋Vendor Advisories

1
Fortinet
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7...2025-03-11
CVE-2023-42784 — Fortinet Fortiweb vulnerability | cvebase