| IR Number | FG-IR-22-187 |
| Date | Feb 16, 2023 |
| Component | CLI |
| Severity |
Medium |
| CVSSv3 Score | 6.5 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2023-23783 |
| Affected Products |
FortiWeb
:
7.0.1, 7.0.0, 6.4.3, 6.4.2, 6.4.1, 6.4.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - format string vulnerability in the CLI
Summary
A format string vulnerability [CWE-134] in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
| Major Version | Affected Products | Solutions |
|---|---|---|
| 7.0 | FortiWeb version 7.0.0 through 7.0.1 | Please upgrade to FortiWeb version 7.0.2 or above |
| 6.4 | FortiWeb 6.4 all versions | Please upgrade to upper major version (check above line) |