ID

VAR-202302-1354


CVE

CVE-2023-23784


TITLE

Path traversal vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004328

DESCRIPTION

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, and FortiWeb 6.4 (all versions) allows an attacker to disclose information via specially crafted web requests. Fortinet FortiWeb contains a path traversal vulnerability. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2023-23784 // JVNDB: JVNDB-2023-004328 // VULHUB: VHN-452338 // VULMON: CVE-2023-23784

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.6

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 7.0.3

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.21

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: 7.0.0 or later and before 7.0.3

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.3.6 or later and before 6.3.21

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.0 to 6.4.2

Trust: 0.8

sources: JVNDB: JVNDB-2023-004328 // NVD: CVE-2023-23784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23784
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-23784
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-23784
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1417
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-23784
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-23784
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-23784
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004328 // CNNVD: CNNVD-202302-1417 // NVD: CVE-2023-23784 // NVD: CVE-2023-23784

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-23

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-452338 // JVNDB: JVNDB-2023-004328 // NVD: CVE-2023-23784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1417

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1417

PATCH

title: FG-IR-22-251, url: https://www.fortiguard.com/psirt/FG-IR-22-251

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=227099

Trust: 0.6

sources: JVNDB: JVNDB-2023-004328 // CNNVD: CNNVD-202302-1417

EXTERNAL IDS

db: NVD, id: CVE-2023-23784

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004328

Trust: 0.8

db: AUSCERT, id: ESB-2023.1159

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1417

Trust: 0.6

db: VULHUB, id: VHN-452338

Trust: 0.1

db: VULMON, id: CVE-2023-23784

Trust: 0.1

sources: VULHUB: VHN-452338 // VULMON: CVE-2023-23784 // JVNDB: JVNDB-2023-004328 // CNNVD: CNNVD-202302-1417 // NVD: CVE-2023-23784

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-251

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23784

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-23784/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1159

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452338 // VULMON: CVE-2023-23784 // JVNDB: JVNDB-2023-004328 // CNNVD: CNNVD-202302-1417 // NVD: CVE-2023-23784

SOURCES

db: VULHUB, id: VHN-452338
db: VULMON, id: CVE-2023-23784
db: JVNDB, id: JVNDB-2023-004328
db: CNNVD, id: CNNVD-202302-1417
db: NVD, id: CVE-2023-23784

LAST UPDATE DATE

2024-08-14T15:26:48.129000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-452338, date: 2023-02-28T00:00:00
db: VULMON, id: CVE-2023-23784, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004328, date: 2023-10-30T01:05:00
db: CNNVD, id: CNNVD-202302-1417, date: 2023-03-01T00:00:00
db: NVD, id: CVE-2023-23784, date: 2023-11-07T04:07:58.743

SOURCES RELEASE DATE

db: VULHUB, id: VHN-452338, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2023-23784, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004328, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1417, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2023-23784, date: 2023-02-16T19:15:14.517