CVE-2023-23780: Buffer Overflow
First published: Thu Feb 16 2023(Updated: )
A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=6.3.0<6.3.20 | |
| Fortinet FortiWeb | >=6.4.0<=6.4.2 | |
| Fortinet FortiWeb | >=7.0.0<7.0.2 |
Remedy
Please upgrade to FortiWeb version 7.0.2 or above Please upgrade to FortiWeb version 6.3.20 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-23780.
What is the severity of CVE-2023-23780?
The severity of CVE-2023-23780 is high, with a CVSS score of 8.8.
Which software versions are affected by CVE-2023-23780?
Fortinet FortiWeb versions 6.3.0 through 6.3.19, 6.4.0 through 6.4.2, and 7.0.0 through 7.0.1 are affected by CVE-2023-23780.
How does an attacker exploit CVE-2023-23780?
An attacker can exploit CVE-2023-23780 by sending specifically crafted HTTP requests to the vulnerable Fortinet FortiWeb system.
Is there a fix for CVE-2023-23780?
Yes, Fortinet has released patches to address CVE-2023-23780. Please refer to the official Fortinet website or contact their support for the latest updates and patches.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.3.0
- version/fortinet fortiweb/6.4.0
- version/fortinet fortiweb/6.4.2
- version/fortinet fortiweb/7.0.0