CVE-2023-42784
First published: Tue Mar 11 2025(Updated: )
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=7.4.0<=7.4.6>=7.2.0<=7.2.10>=7.0.0<=7.0.10 |
Remedy
Please upgrade to FortiWeb version 7.6.0 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-42784?
CVE-2023-42784 has been classified as a critical vulnerability due to its potential to allow unauthorized remote code execution.
How do I fix CVE-2023-42784?
To fix CVE-2023-42784, upgrade Fortinet FortiWeb to a version later than 7.4.6, 7.2.10, or 7.0.10.
Who is affected by CVE-2023-42784?
CVE-2023-42784 affects Fortinet FortiWeb versions 7.0.0 to 7.0.10, 7.2.0 to 7.2.10, and 7.4.0 to 7.4.6.
What types of attacks can exploit CVE-2023-42784?
CVE-2023-42784 can be exploited through specially crafted HTTP/S requests, potentially allowing attackers to execute unauthorized commands.
Is there a workaround for CVE-2023-42784?
There are no recommended workarounds for CVE-2023-42784; the only mitigation is to apply the available software updates.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/severity
- agent/author
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiweb