CVE-2023-23777

Summary

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.0.0 <= 7.0.1affected
FortinetFortiWeb6.4.0 <= 6.4.3affected
FortinetFortiWeb6.3.6 <= 6.3.18affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References