CVE-2023-34984

HIGH

Fortinet FortiWeb <7.2.1 - RCE

Title source: llm

Description

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-23-068

Scores

CVSS v3 7.5

EPSS 0.0037

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-693

Status published

Affected Products (1)

fortinet/fortiweb < 6.3.23

Timeline

Published Sep 13, 2023

Tracked Since Feb 18, 2026