PT-2023-3052 · Fortinet · Fortiweb

Published 2023-02-16 · Updated 2023-02-24 · CVE-2023-23782

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiWeb versions 6.1 through 7.0.1
FortiWeb version 6.2
FortiWeb version 6.3.0 through 6.3.19
FortiWeb version 6.4

Description

A heap-based buffer overflow in FortiWeb allows an attacker to escalate privileges via specifically crafted arguments to existing commands. The exploitation of this issue may enable an attacker to execute arbitrary code.

Recommendations

For FortiWeb versions 6.1 through 7.0.1, update to a version that is not affected by this issue.
For FortiWeb version 6.2, consider disabling existing commands that can be exploited with specifically crafted arguments until a patch is available.
For FortiWeb version 6.3.0 through 6.3.19, restrict access to commands that can be used for privilege escalation.
For FortiWeb version 6.4, avoid using existing commands with specifically crafted arguments until the issue is resolved.

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2023-03119
CVE-2023-23782

Affected products

Fortiweb