Lucene search
FortinetCVELIST:CVE-2023-23783HistoryFeb 16, 2023 - 6:05 p.m.
CVE-2023-23783
2023-02-1618:05:55
CWE-134
fortinet
www.cve.org
4
cve-2023-23783
fortinet fortiweb
unauthorized code execution
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
EPSS
0
Percentile
11.0%
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiWeb",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.1",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.2",
"status": "affected"
}
]
}
]References
Related
cve
cve
CVE-2023-23783
2023-02-16 19:15:14
prion
prion
Format string
2023-02-16 19:15:00
nvd
nvd
CVE-2023-23783
2023-02-16 19:15:14
fortinet
fortinet
FortiWeb - format string vulnerability in the CLI
2023-02-16 00:00:00
cnvd
cnvd
Fortinet FortiWeb Formatting String Error Vulnerability
2023-03-01 00:00:00
nessus
nessus
Fortinet FortiWeb - format string vulnerability in the CLI (FG-IR-22-187)
2024-05-22 00:00:00
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
EPSS
0
Percentile
11.0%
Related for CVELIST:CVE-2023-23783