CVE-2023-23782
Published Feb 16, 2023
Last updated a year ago
Overview
- Description
- A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.
- Source
- psirt@fortinet.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "906A573F-4734-453E-B9F1-320CE979A0F0",
"versionEndIncluding": "6.2.7",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EC1014F-44DE-4FC7-B0A7-82BEA9A443F2",
"versionEndExcluding": "6.3.20",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6B93ABE-8620-4253-83C0-3D2228D20118",
"versionEndIncluding": "6.4.2",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9054E8B0-2CF0-4DD3-8D5A-34C399F7C20D",
"versionEndExcluding": "7.0.2",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
}
]
}
]