CVE-2023-23777

Name of the Vulnerable Software and Affected Versions FortiWeb versions 7.0.1 and below FortiWeb version 6.4 all versions FortiWeb version 6.3.18 and below

Description The issue is related to an improper neutralization of special elements used in an OS command, which may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters. Exploitation of this issue can enable a remote attacker to execute arbitrary code or commands using a specially crafted HTTP request.

Recommendations For FortiWeb versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue. For FortiWeb version 6.4 all versions, consider disabling the cli backup feature until a patch is available. For FortiWeb version 6.3.18 and below, restrict access to the backup parameters to minimize the risk of exploitation.