CVE-2023-23782

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.

Published: Feb 16, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-23782
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	6.4.0	6.4.2.x
fortinet / fortiweb	6.3.0	6.3.20
fortinet / fortiweb	7.0.0	7.0.2
fortinet / fortiweb	6.0.0	6.2.7.x

https://fortiguard.com/psirt/FG-IR-22-111

Vulnerability Database

289,784

CVE-2023-23782