Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-34984

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Published

2023-09-13T13:15:08.527

Last Modified

2024-11-21T08:07:46.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-693
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiweb	≤ 6.3.23	Yes
Application	fortinet	fortiweb	≤ 6.4.3	Yes
Application	fortinet	fortiweb	≤ 7.0.6	Yes
Application	fortinet	fortiweb	≤ 7.2.1	Yes

References

https://fortiguard.com/psirt/FG-IR-23-068 Vendor Advisory ([email protected])
https://fortiguard.com/psirt/FG-IR-23-068 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)