Lucene search
FortinetCVE-2023-23783HistoryFeb 16, 2023 - 7:15 p.m.
CVE-2023-23783
2023-02-1619:15:14
CWE-134
fortinet
web.nvd.nist.gov
24
cve
fortinet
fortiweb
security
vulnerability
format string
nvd
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
11.0%
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
Affected configurations
Node
fortinetfortiwebRange6.4.0–6.4.2
ORfortinetfortiwebRange7.0.0–7.0.2
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiWeb",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.1",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.2",
"status": "affected"
}
]
}
]References
Related
prion
prion
Format string
2023-02-16 19:15:00
nvd
nvd
CVE-2023-23783
2023-02-16 19:15:14
nessus
nessus
Fortinet FortiWeb - format string vulnerability in the CLI (FG-IR-22-187)
2024-05-22 00:00:00
fortinet
fortinet
FortiWeb - format string vulnerability in the CLI
2023-02-16 00:00:00
cnvd
cnvd
Fortinet FortiWeb Formatting String Error Vulnerability
2023-03-01 00:00:00
cvelist
cvelist
CVE-2023-23783
2023-02-16 18:05:55
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
11.0%
Related for CVE-2023-23783