ID

VAR-202302-1379


CVE

CVE-2023-23781


TITLE

Out-of-bounds write vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004406

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in the SAML server configuration of FortiWeb version 7.0.1 and below, 6.4 all versions, and version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. An out-of-bounds write vulnerability exists in Fortinet's FortiWeb. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // VULHUB: VHN-452335 // VULMON: CVE-2023-23781

AFFECTED PRODUCTS

vendor: fortinet  model: fortiweb  scope: lt  version: 7.0.2

Trust: 1.0

vendor: fortinet  model: fortiweb  scope: gte  version: 6.3.0

Trust: 1.0

vendor: fortinet  model: fortiweb  scope: gte  version: 7.0.0

Trust: 1.0

vendor: fortinet  model: fortiweb  scope: lt  version: 6.3.20

Trust: 1.0

vendor: fortinet  model: fortiweb  scope: gte  version: 6.4.0

Trust: 1.0

vendor: fortinet  model: fortiweb  scope: lte  version: 6.4.2

Trust: 1.0

vendor: Fortinet  model: fortiweb  scope: eq  version: 7.0.0 to 7.0.2

Trust: 0.8

vendor: Fortinet  model: fortiweb  scope: eq  version: -

Trust: 0.8

vendor: Fortinet  model: fortiweb  scope: eq  version: 6.4.0 to 6.4.2

Trust: 0.8

vendor: Fortinet  model: fortiweb  scope: eq  version: 6.3.0 to 6.3.20

Trust: 0.8

sources: JVNDB: JVNDB-2023-004406 // NVD: CVE-2023-23781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23781
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-23781
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-23781
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1420
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23781
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-23781
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-23781
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781 // NVD: CVE-2023-23781

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: CWE-121

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-452335 // JVNDB: JVNDB-2023-004406 // NVD: CVE-2023-23781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1420

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1420

PATCH

title: FG-IR-21-091  url: https://fortiguard.com/psirt/FG-IR-22-151

Trust: 0.8

title: Fortinet FortiWeb buffer error vulnerability fix  url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226800

Trust: 0.6

sources: JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420

EXTERNAL IDS

db: NVD  id: CVE-2023-23781

Trust: 3.4

db: JVNDB  id: JVNDB-2023-004406

Trust: 0.8

db: AUSCERT  id: ESB-2023.1160

Trust: 0.6

db: CNNVD  id: CNNVD-202302-1420

Trust: 0.6

db: VULHUB  id: VHN-452335

Trust: 0.1

db: VULMON  id: CVE-2023-23781

Trust: 0.1

sources: VULHUB: VHN-452335 // VULMON: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-151

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-23781

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2023.1160

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2023-23781/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452335 // VULMON: CVE-2023-23781 // JVNDB: JVNDB-2023-004406 // CNNVD: CNNVD-202302-1420 // NVD: CVE-2023-23781

SOURCES

db: VULHUB  id: VHN-452335
db: VULMON  id: CVE-2023-23781
db: JVNDB  id: JVNDB-2023-004406
db: CNNVD  id: CNNVD-202302-1420
db: NVD  id: CVE-2023-23781

LAST UPDATE DATE

2024-08-14T13:52:42.967000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-452335  date: 2023-02-28T00:00:00
db: VULMON  id: CVE-2023-23781  date: 2023-02-16T00:00:00
db: JVNDB  id: JVNDB-2023-004406  date: 2023-10-30T05:43:00
db: CNNVD  id: CNNVD-202302-1420  date: 2023-03-01T00:00:00
db: NVD  id: CVE-2023-23781  date: 2023-11-07T04:07:58

SOURCES RELEASE DATE

db: VULHUB  id: VHN-452335  date: 2023-02-16T00:00:00
db: VULMON  id: CVE-2023-23781  date: 2023-02-16T00:00:00
db: JVNDB  id: JVNDB-2023-004406  date: 2023-10-30T00:00:00
db: CNNVD  id: CNNVD-202302-1420  date: 2023-02-16T00:00:00
db: NVD  id: CVE-2023-23781  date: 2023-02-16T19:15:14.317