CVE-2023-34984

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.3.6 through 6.3.23 Fortinet FortiWeb versions 6.4.0 through 6.4.3 Fortinet FortiWeb versions 7.0.0 through 7.0.6 Fortinet FortiWeb versions 7.2.0 through 7.2.1

Description A protection mechanism failure in Fortinet FortiWeb allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. This issue is related to a failure in the protection mechanism, which can be exploited by sending specially crafted HTTP requests, potentially allowing a remote attacker to bypass security restrictions and execute arbitrary code.

Recommendations For Fortinet FortiWeb versions 6.3.6 through 6.3.23, update to a version that includes a fix for this issue. For Fortinet FortiWeb versions 6.4.0 through 6.4.3, update to a version that includes a fix for this issue. For Fortinet FortiWeb versions 7.0.0 through 7.0.6, update to a version that includes a fix for this issue. For Fortinet FortiWeb versions 7.2.0 through 7.2.1, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the HTTP endpoint that is vulnerable to the specially crafted requests until a patch is available.