ID

VAR-202302-1272


CVE

CVE-2023-23779


TITLE

OS command injection vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004329

DESCRIPTION

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. Fortinet FortiWeb contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2023-23779 // JVNDB: JVNDB-2023-004329 // VULHUB: VHN-452333 // VULMON: CVE-2023-23779

AFFECTED PRODUCTS

vendor: fortinet | model: fortiweb | scope: gte | version: 6.3.6

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: eq | version: 6.4.0

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: eq | version: 7.0.0

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: eq | version: 6.4.1

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: eq | version: 6.4.2

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: eq | version: 7.0.1

Trust: 1.0

vendor: fortinet | model: fortiweb | scope: lte | version: 6.3.19

Trust: 1.0

vendor: Fortinet | model: fortiweb | scope: eq | version: 6.3.6 to 6.3.19

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: -

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: 6.4.2

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: 6.4.1

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: 7.0.1

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: 6.4.0

Trust: 0.8

vendor: Fortinet | model: fortiweb | scope: eq | version: 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004329 // NVD: CVE-2023-23779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23779
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-23779
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-23779
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1422
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23779
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-23779
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-23779
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004329 // CNNVD: CNNVD-202302-1422 // NVD: CVE-2023-23779 // NVD: CVE-2023-23779

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-452333 // JVNDB: JVNDB-2023-004329 // NVD: CVE-2023-23779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1422

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-1422

PATCH

title: FG-IR-22-133 | url: https://www.fortiguard.com/psirt/FG-IR-22-133

Trust: 0.8

title: Fortinet FortiWeb Fixes for operating system command injection vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=227100

Trust: 0.6

sources: JVNDB: JVNDB-2023-004329 // CNNVD: CNNVD-202302-1422

EXTERNAL IDS

db: NVD | id: CVE-2023-23779

Trust: 3.4

db: JVNDB | id: JVNDB-2023-004329

Trust: 0.8

db: CNNVD | id: CNNVD-202302-1422

Trust: 0.6

db: VULHUB | id: VHN-452333

Trust: 0.1

db: VULMON | id: CVE-2023-23779

Trust: 0.1

sources: VULHUB: VHN-452333 // VULMON: CVE-2023-23779 // JVNDB: JVNDB-2023-004329 // CNNVD: CNNVD-202302-1422 // NVD: CVE-2023-23779

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-133

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23779

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-23779/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452333 // VULMON: CVE-2023-23779 // JVNDB: JVNDB-2023-004329 // CNNVD: CNNVD-202302-1422 // NVD: CVE-2023-23779

SOURCES

db: VULHUB | id: VHN-452333
db: VULMON | id: CVE-2023-23779
db: JVNDB | id: JVNDB-2023-004329
db: CNNVD | id: CNNVD-202302-1422
db: NVD | id: CVE-2023-23779

LAST UPDATE DATE

2024-08-14T15:16:11.151000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-452333 | date: 2023-02-28T00:00:00
db: VULMON | id: CVE-2023-23779 | date: 2023-02-16T00:00:00
db: JVNDB | id: JVNDB-2023-004329 | date: 2023-10-30T01:08:00
db: CNNVD | id: CNNVD-202302-1422 | date: 2023-03-01T00:00:00
db: NVD | id: CVE-2023-23779 | date: 2023-11-07T04:07:57.423

SOURCES RELEASE DATE

db: VULHUB | id: VHN-452333 | date: 2023-02-16T00:00:00
db: VULMON | id: CVE-2023-23779 | date: 2023-02-16T00:00:00
db: JVNDB | id: JVNDB-2023-004329 | date: 2023-10-30T00:00:00
db: CNNVD | id: CNNVD-202302-1422 | date: 2023-02-16T00:00:00
db: NVD | id: CVE-2023-23779 | date: 2023-02-16T19:15:14.187