Login Sign Up

CVE-2023-23780

8.0 HIGH
Buffer Overflow

📋 TL;DR

This CVE describes a stack-based buffer overflow vulnerability in Fortinet FortiWeb web application firewalls. Attackers can exploit it via specially crafted HTTP requests to escalate privileges, potentially gaining administrative control. Organizations running affected FortiWeb versions are at risk.

💻 Affected Systems

Products:
  • Fortinet FortiWeb
Versions: 7.0.0-7.0.1, 6.3.6-6.3.19, all 6.4.x versions
Operating Systems: FortiOS-based appliances
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable if exposed to HTTP requests.

📦 What is this software?

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative access, allowing attackers to modify configurations, disable security controls, and pivot to internal networks.

🟠

Likely Case

Privilege escalation to administrative level, enabling configuration changes, rule bypassing, and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting the FortiWeb management interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific HTTP requests but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.2, 6.3.20, 6.4.5

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-22-118

Restart Required: Yes

Instructions:

1. Download appropriate firmware from Fortinet support portal. 2. Backup configuration. 3. Upload firmware via web GUI or CLI. 4. Reboot appliance. 5. Verify version update.

🔧 Temporary Workarounds

Restrict HTTP Access

all

Limit HTTP/HTTPS access to FortiWeb management interface to trusted IP addresses only.

config system interface
edit <interface>
set allowaccess https ssh
set trust-ip-1 <trusted_ip>
end

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FortiWeb from untrusted networks.
  • Deploy additional WAF or IPS in front of FortiWeb to filter malicious HTTP requests.

🔍 How to Verify

Check if Vulnerable:

Check FortiWeb firmware version via web GUI (System > Dashboard) or CLI (get system status).

Check Version:

get system status | grep Version

Verify Fix Applied:

Confirm firmware version is 7.0.2+, 6.3.20+, or 6.4.5+ after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests with abnormal length or patterns
  • Multiple failed privilege escalation attempts
  • Configuration changes from unexpected sources

Network Indicators:

  • HTTP requests with unusually large headers or parameters
  • Traffic patterns targeting FortiWeb management interface

SIEM Query:

source="fortiweb" AND (http_request_size>10000 OR http_user_agent="malicious_pattern")

📊 Metadata

CVE ID: CVE-2023-23780
CVSS v3 Score: 8.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: February 16, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23780, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)