Lucene search
FortinetCVELIST:CVE-2023-23783HistoryFeb 16, 2023 - 6:05 p.m.
CVE-2023-23783
2023-02-1618:05:55
CWE-134
fortinet
www.cve.org
cve-2023-23783
fortinet fortiweb
unauthorized code execution
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
0.0004 Low
EPSS
Percentile
5.2%
A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiWeb",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.1",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.2",
"status": "affected"
}
]
}
]References
Related
prion
prion
Format string
2023-02-16 19:15:00
cve
cve
CVE-2023-23783
2023-02-16 19:15:14
nessus
nessus
Fortinet FortiWeb - format string vulnerability in the CLI (FG-IR-22-187)
2024-05-22 00:00:00
cnvd
cnvd
Fortinet FortiWeb Formatting String Error Vulnerability
2023-03-01 00:00:00
fortinet
fortinet
FortiWeb - format string vulnerability in the CLI
2023-02-16 00:00:00
nvd
nvd
CVE-2023-23783
2023-02-16 19:15:14
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
0.0004 Low
EPSS
Percentile
5.2%
Related for CVELIST:CVE-2023-23783