CVE-2023-23780

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.3.6 through 6.3.19 Fortinet FortiWeb versions 7.0.0 through 7.0.1 Fortinet FortiWeb 6.4 all versions

Description A stack-based buffer overflow in Fortinet FortiWeb allows an attacker to escalate privileges via specifically crafted HTTP requests. The vulnerability is related to a buffer overflow in memory, which can be exploited by a remote attacker to gain elevated privileges.

Recommendations For Fortinet FortiWeb versions 6.3.6 through 6.3.19, update to a version that fixes the buffer overflow issue. For Fortinet FortiWeb versions 7.0.0 through 7.0.1, update to a version that fixes the buffer overflow issue. For Fortinet FortiWeb 6.4 all versions, update to a version that fixes the buffer overflow issue. As a temporary workaround, consider restricting access to the HTTP endpoint that is vulnerable to the buffer overflow until a patch is available.