ID

VAR-202302-1446


CVE

CVE-2023-23782


TITLE

Out-of-bounds write vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004407

DESCRIPTION

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, and FortiWeb 6.1 all versions allows an attacker to escalate privileges via specifically crafted arguments to existing commands. Fortinet's FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // VULHUB: VHN-452336 // VULMON: CVE-2023-23782

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lt, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.20

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.7

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.0 to 6.4.2

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.3.0 or later, earlier than 6.3.20

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.0.0 to 6.2.7

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 7.0.0 or later, earlier than 7.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2023-004407 // NVD: CVE-2023-23782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23782
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-23782
value: HIGH

Trust: 1.0

NVD: CVE-2023-23782
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1418
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23782
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-23782
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782 // NVD: CVE-2023-23782

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-122

Trust: 1.0

problemtype:Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-452336 // JVNDB: JVNDB-2023-004407 // NVD: CVE-2023-23782

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1418

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1418

PATCH

title: FG-IR-22-111, url: https://www.fortiguard.com/psirt/FG-IR-22-111

Trust: 0.8

title: Fortinet FortiWeb Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226798

Trust: 0.6

sources: JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418

EXTERNAL IDS

db: NVD, id: CVE-2023-23782

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004407

Trust: 0.8

db: AUSCERT, id: ESB-2023.1051

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1418

Trust: 0.6

db: VULHUB, id: VHN-452336

Trust: 0.1

db: VULMON, id: CVE-2023-23782

Trust: 0.1

sources: VULHUB: VHN-452336 // VULMON: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-111

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23782

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.1051

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-23782/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452336 // VULMON: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782

SOURCES

db: VULHUB, id: VHN-452336
db: VULMON, id: CVE-2023-23782
db: JVNDB, id: JVNDB-2023-004407
db: CNNVD, id: CNNVD-202302-1418
db: NVD, id: CVE-2023-23782

LAST UPDATE DATE

2024-08-14T15:00:28.621000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-452336, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2023-23782, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004407, date: 2023-10-30T05:44:00
db: CNNVD, id: CNNVD-202302-1418, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2023-23782, date: 2023-11-07T04:07:58.240

SOURCES RELEASE DATE

db: VULHUB, id: VHN-452336, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2023-23782, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004407, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1418, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2023-23782, date: 2023-02-16T19:15:14.383