Details of VAR-202302-1379

ID

VAR-202302-1379

CVE

CVE-2023-23781

TITLE

fortinet's Fortiweb Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004406

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. fortinet's Fortiweb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // VULHUB: VHN-452335 // VULMON: CVE-2023-23781

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.3.20	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.4.2	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	7.0.0 that's all 7.0.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.0 to 6.4.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.3.0 that's all 6.3.20	Trust: 0.8

sources: JVNDB: JVNDB-2023-004406 // NVD: CVE-2023-23781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23781
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2023-23781
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-23781
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1420
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23781
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2023-23781
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-23781
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781 // NVD: CVE-2023-23781

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-121	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-452335 // JVNDB: JVNDB-2023-004406 // NVD: CVE-2023-23781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1420

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1420

PATCH

title:	FG-IR-21-091	url:	https://fortiguard.com/psirt/FG-IR-22-151	Trust: 0.8
title:	Fortinet FortiWeb Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226800	Trust: 0.6

sources: JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23781	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004406	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.1160	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1420	Trust: 0.6
db:	VULHUB	id:	VHN-452335	Trust: 0.1
db:	VULMON	id:	CVE-2023-23781	Trust: 0.1

sources: VULHUB: VHN-452335 // VULMON: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-151	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23781	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.1160	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-23781/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-452335 // VULMON: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781

SOURCES

db:	VULHUB	id:	VHN-452335
db:	VULMON	id:	CVE-2023-23781
db:	JVNDB	id:	JVNDB-2023-004406
db:	CNNVD	id:	CNNVD-202302-1420
db:	NVD	id:	CVE-2023-23781

LAST UPDATE DATE

2024-08-14T13:52:42.967000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-452335	date:	2023-02-28T00:00:00
db:	VULMON	id:	CVE-2023-23781	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004406	date:	2023-10-30T05:43:00
db:	CNNVD	id:	CNNVD-202302-1420	date:	2023-03-01T00:00:00
db:	NVD	id:	CVE-2023-23781	date:	2023-11-07T04:07:58

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-452335	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2023-23781	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004406	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1420	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2023-23781	date:	2023-02-16T19:15:14.317