← Back

CVE-2023-34984

nvd nist
Published: Sep 13, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Affected (4)

Products: Fortinet: Fortiweb
Fortinet
1 product
Fortiweb
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortiweb
From 6.3.6 to 6.3.23
Fortiweb
From 6.4.0 to 6.4.3
Fortiweb
From 7.0.0 to 7.0.6
Fortiweb
From 7.2.0 to 7.2.1

Related CWEs

CWE-693
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (2)

Source: psirt@fortinet.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.