{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-23780","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-01-18T08:30:21.307Z","datePublished":"2023-02-16T18:05:49.933Z","dateUpdated":"2024-10-23T14:48:11.378Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiWeb","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.1","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.2","status":"affected"},{"versionType":"semver","version":"6.3.6","lessThanOrEqual":"6.3.19","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:05:49.933Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-121","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":7.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiWeb version 7.0.2 or above\r\nPlease upgrade to FortiWeb version 6.3.20 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-118","url":"https://fortiguard.com/psirt/FG-IR-22-118"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:42:25.922Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-118","url":"https://fortiguard.com/psirt/FG-IR-22-118","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:55.673303Z","id":"CVE-2023-23780","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:48:11.378Z"}}]}}