Details of VAR-202302-1446

ID

VAR-202302-1446

CVE

CVE-2023-23782

TITLE

fortinet's Fortiweb Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004407

DESCRIPTION

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands. fortinet's Fortiweb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // VULHUB: VHN-452336 // VULMON: CVE-2023-23782

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.3.20	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.2.7	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.0 to 6.4.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.3.0 that's all 6.3.20	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.0.0 to 6.2.7	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	7.0.0 that's all 7.0.2	Trust: 0.8

sources: JVNDB: JVNDB-2023-004407 // NVD: CVE-2023-23782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23782
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2023-23782
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-23782
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1418
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23782
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-23782
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782 // NVD: CVE-2023-23782

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-122	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-452336 // JVNDB: JVNDB-2023-004407 // NVD: CVE-2023-23782

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1418

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1418

PATCH

title:	FG-IR-22-111	url:	https://www.fortiguard.com/psirt/FG-IR-22-111	Trust: 0.8
title:	Fortinet FortiWeb Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226798	Trust: 0.6

sources: JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23782	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004407	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.1051	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1418	Trust: 0.6
db:	VULHUB	id:	VHN-452336	Trust: 0.1
db:	VULMON	id:	CVE-2023-23782	Trust: 0.1

sources: VULHUB: VHN-452336 // VULMON: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-111	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23782	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.1051	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-23782/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-452336 // VULMON: CVE-2023-23782 // JVNDB: JVNDB-2023-004407 // CNNVD: CNNVD-202302-1418 // NVD: CVE-2023-23782

SOURCES

db:	VULHUB	id:	VHN-452336
db:	VULMON	id:	CVE-2023-23782
db:	JVNDB	id:	JVNDB-2023-004407
db:	CNNVD	id:	CNNVD-202302-1418
db:	NVD	id:	CVE-2023-23782

LAST UPDATE DATE

2024-08-14T15:00:28.621000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-452336	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2023-23782	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004407	date:	2023-10-30T05:44:00
db:	CNNVD	id:	CNNVD-202302-1418	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2023-23782	date:	2023-11-07T04:07:58.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-452336	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2023-23782	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004407	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1418	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2023-23782	date:	2023-02-16T19:15:14.383