PT-2023-3052 · Fortinet · FortiWeb

Published: 2023-02-16 · Updated: 2023-02-24 · CVE-2023-23782

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.1 through 7.0.1
FortiWeb version 6.2
FortiWeb version 6.3.0 through 6.3.19
FortiWeb version 6.4

Description
A heap-based buffer overflow in FortiWeb allows an attacker to escalate privileges via specifically crafted arguments to existing commands. Exploitation of this issue may enable an attacker to execute arbitrary code.

Recommendations
For FortiWeb versions 6.1 through 7.0.1: update to a version that is not affected by this issue.
For FortiWeb version 6.2: consider disabling the existing commands that can be exploited with specifically crafted arguments until a patch is available.
For FortiWeb versions 6.3.0 through 6.3.19: restrict access to the commands that can be used for privilege escalation.
For FortiWeb version 6.4: avoid using existing commands with specifically crafted arguments until the issue is resolved.

Fix

Memory Corruption

Heap-Based Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2023-03119
CVE-2023-23782

Affected Products

FortiWeb