PT-2023-3049 · Fortinet · FortiWeb
Published 2023-02-16 · Updated 2023-02-24
CVE-2023-23783
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.4.0 through 7.0.1
FortiWeb versions 7.0.0 through 7.0.1
Description
The vulnerability is a use of an externally-controlled format string (CWE-134) in FortiWeb: attacker-supplied data reaches a format string argument unsanitized, so a local, low-privileged attacker (CVSS vector AV:L, PR:L) can execute unauthorized code or commands by passing specially crafted command arguments, resulting in arbitrary code execution.
Recommendations
For FortiWeb versions 6.4.0 through 7.0.1, update to a release that fixes the use of externally-controlled format strings and thereby prevents code execution.
For FortiWeb versions 7.0.0 through 7.0.1, restrict access to the affected command arguments until a patched release is available.
Weakness Enumeration
Use of Externally-Controlled Format String (CWE-134)
Related Identifiers
CVE-2023-23783
Affected Products
FortiWeb