ID

VAR-202302-1466


CVE

CVE-2023-23783


TITLE

Format string vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004408

DESCRIPTION

A use of externally-controlled format string in Fortinet FortiWeb versions 7.0.0 through 7.0.1 and FortiWeb 6.4 (all versions) allows an attacker to execute unauthorized code or commands via specially crafted command arguments. Fortinet's FortiWeb contains a format string vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2023-23783 // JVNDB: JVNDB-2023-004408 // VULHUB: VHN-452337 // VULMON: CVE-2023-23783

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lt, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: 7.0.0 or later, before 7.0.2

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.0 or later, before 6.4.2

Trust: 0.8

sources: JVNDB: JVNDB-2023-004408 // NVD: CVE-2023-23783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23783
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-23783
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-23783
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1421
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-23783
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-23783
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-23783
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004408 // CNNVD: CNNVD-202302-1421 // NVD: CVE-2023-23783 // NVD: CVE-2023-23783

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

problemtype: Format string problem (CWE-134) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004408 // NVD: CVE-2023-23783

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1421

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1421

PATCH

title: FG-IR-22-187, url: https://fortiguard.com/psirt/FG-IR-22-187

Trust: 0.8

title: Fortinet FortiWeb Fixes for formatting string error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226801

Trust: 0.6

sources: JVNDB: JVNDB-2023-004408 // CNNVD: CNNVD-202302-1421

EXTERNAL IDS

db: NVD, id: CVE-2023-23783

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004408

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1421

Trust: 0.6

db: VULHUB, id: VHN-452337

Trust: 0.1

db: VULMON, id: CVE-2023-23783

Trust: 0.1

sources: VULHUB: VHN-452337 // VULMON: CVE-2023-23783 // JVNDB: JVNDB-2023-004408 // CNNVD: CNNVD-202302-1421 // NVD: CVE-2023-23783

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-187

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23783

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-23783/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-452337 // VULMON: CVE-2023-23783 // JVNDB: JVNDB-2023-004408 // CNNVD: CNNVD-202302-1421 // NVD: CVE-2023-23783

SOURCES

db: VULHUB, id: VHN-452337
db: VULMON, id: CVE-2023-23783
db: JVNDB, id: JVNDB-2023-004408
db: CNNVD, id: CNNVD-202302-1421
db: NVD, id: CVE-2023-23783

LAST UPDATE DATE

2024-08-14T15:32:14.386000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-452337, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2023-23783, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004408, date: 2023-10-30T05:45:00
db: CNNVD, id: CNNVD-202302-1421, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2023-23783, date: 2023-11-07T04:07:58.507

SOURCES RELEASE DATE

db: VULHUB, id: VHN-452337, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2023-23783, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004408, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1421, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2023-23783, date: 2023-02-16T19:15:14.450