CVE-2023-23781 - OpenCVE

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortiweb

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-22-151

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-02-16T18:06:09.054Z

Updated: 2024-08-02T10:42:26.150Z

Reserved: 2023-01-18T08:30:21.308Z

Link: CVE-2023-23781

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-16T19:15:14.317

Modified: 2023-11-07T04:07:58.000

Link: CVE-2023-23781

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23781", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-01-18T08:30:21.308Z", "datePublished": "2023-02-16T18:06:09.054Z", "dateUpdated": "2024-08-02T10:42:26.150Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiWeb", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.2", "status": "affected"}, {"versionType": "semver", "version": "6.3.6", "lessThanOrEqual": "6.3.19", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via\u00a0specifically crafted XML files."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-02-16T18:06:09.054Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "Denial of service", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiWeb version 7.0.2 or above\r\nPlease upgrade to FortiWeb version 6.3.20 or above"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-151", "url": "https://fortiguard.com/psirt/FG-IR-22-151"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:26.150Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-151", "url": "https://fortiguard.com/psirt/FG-IR-22-151", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EC1014F-44DE-4FC7-B0A7-82BEA9A443F2", "versionEndExcluding": "6.3.20", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B93ABE-8620-4253-83C0-3D2228D20118", "versionEndIncluding": "6.4.2", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "9054E8B0-2CF0-4DD3-8D5A-34C399F7C20D", "versionEndExcluding": "7.0.2", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via\u00a0specifically crafted XML files."}], "id": "CVE-2023-23781", "lastModified": "2023-11-07T04:07:58.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2023-02-16T19:15:14.317", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-151"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}