Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FORTIWEB_FG-IR-22-111.NASLHistoryMay 22, 2024 - 12:00 a.m.
Fortinet FortiWeb - Heap based overflow in CLI (FG-IR-22-111)
2024-05-2200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
fortinet fortiweb
cli
heap overflow
vulnerability
escalation of privilege
nessus scanner
cve-2023-23782
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
13.2%
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-111 advisory.
- A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.
(CVE-2023-23782)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(197616);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/22");
script_cve_id("CVE-2023-23782");
script_name(english:"Fortinet FortiWeb - Heap based overflow in CLI (FG-IR-22-111)");
script_set_attribute(attribute:"synopsis", value:
"Fortinet Firewall is affected by a privilege escalation.");
script_set_attribute(attribute:"description", value:
"The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the FG-IR-22-111 advisory.
- A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0
through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows
attacker to escalation of privilege via specifically crafted arguments to existing commands.
(CVE-2023-23782)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.fortiguard.com/psirt/FG-IR-22-111");
script_set_attribute(attribute:"solution", value:
"Upgrade to FortiWeb version 6.3.20 / 7.0.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-23782");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/16");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:fortinet:fortiweb");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Firewalls");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("fortinet_version.nbin");
script_require_keys("Host/Fortigate/model", "Host/Fortigate/version");
exit(0);
}
include('vcf_extras_fortios.inc');
var app_name = 'FortiWeb';
var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Fortigate/version');
vcf::fortios::verify_product_and_model(product_name:app_name);
var constraints = [
{ 'min_version' : '6.0.0', 'max_version' : '6.0.8', 'fixed_version' : '6.3.20', 'fixed_display' : '6.3.20' },
{ 'min_version' : '6.1.0', 'max_version' : '6.1.3', 'fixed_version' : '6.3.20', 'fixed_display' : '6.3.20' },
{ 'min_version' : '6.2.0', 'max_version' : '6.2.7', 'fixed_version' : '6.3.20', 'fixed_display' : '6.3.20' },
{ 'min_version' : '6.3.0', 'fixed_version' : '6.3.20' },
{ 'min_version' : '6.4.0', 'max_version' : '6.4.2', 'fixed_version' : '7.0.2', 'fixed_display' : '7.0.2' },
{ 'min_version' : '7.0.0', 'fixed_version' : '7.0.2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Related
cnvd
cnvd
Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2023-18301)
2023-02-20 00:00:00
cvelist
cvelist
CVE-2023-23782
2023-02-16 18:05:57
prion
prion
Heap overflow
2023-02-16 19:15:00
cve
cve
CVE-2023-23782
2023-02-16 19:15:14
nvd
nvd
CVE-2023-23782
2023-02-16 19:15:14
fortinet
fortinet
FortiWeb - Heap based overflow in CLI
2023-02-16 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
13.2%
Related for FORTIWEB_FG-IR-22-111.NASL