Lucene search
HistoryFeb 16, 2023 - 7:15 p.m.
CVE-2023-23783
cve-2023-23783
fortinet fortiweb
unauthorized code execution
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0
Percentile
11.0%
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
Affected configurations
Node
fortinetfortiwebRange6.4.0–6.4.2
ORfortinetfortiwebRange7.0.0–7.0.2
References
Related
prion
prion
Format string
2023-02-16 19:15:00
cve
cve
CVE-2023-23783
2023-02-16 19:15:14
fortinet
fortinet
FortiWeb - format string vulnerability in the CLI
2023-02-16 00:00:00
cnvd
cnvd
Fortinet FortiWeb Formatting String Error Vulnerability
2023-03-01 00:00:00
cvelist
cvelist
CVE-2023-23783
2023-02-16 18:05:55
nessus
nessus
Fortinet FortiWeb - format string vulnerability in the CLI (FG-IR-22-187)
2024-05-22 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0
Percentile
11.0%
Related for NVD:CVE-2023-23783