Main Vulnerability Database Vulnerabilities #VU72358

#VU72358 Format string error in FortiWeb - CVE-2023-23783

Published: February 17, 2023

Vulnerability identifier: #VU72358

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-23783

CWE-ID: CWE-134

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FortiWeb

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a format string error in the command line interpreter of FortiWeb. A local user can pass specially crafted command argument with format string specifiers to certain commands and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.fortinet.com/psirt/FG-IR-22-187

#VU72358 Format string error in FortiWeb - CVE-2023-23783

Description

Remediation

External links

Please verify you're human