mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
134 lines
5.8 KiB
JSON
134 lines
5.8 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-25602",
|
|
"ASSIGNER": "psirt@fortinet.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Execute unauthorized code or commands",
|
|
"cweId": "CWE-121"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Fortinet",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FortiWeb",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.4.0",
|
|
"version_value": "6.4.2"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.3.0",
|
|
"version_value": "6.3.17"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.2.0",
|
|
"version_value": "6.2.6"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.1.0",
|
|
"version_value": "6.1.2"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.0.0",
|
|
"version_value": "6.0.7"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "5.9.0",
|
|
"version_value": "5.9.1"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "5.8.5",
|
|
"version_value": "5.8.7"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "5.8.0",
|
|
"version_value": "5.8.3"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "5.7.0",
|
|
"version_value": "5.7.3"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "5.6.0",
|
|
"version_value": "5.6.2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-21-234",
|
|
"refsource": "MISC",
|
|
"name": "https://fortiguard.com/psirt/FG-IR-21-234"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Please upgrade to FortiWeb version 7.0.0 or above\r\nPlease upgrade to FortiWeb version 6.3.18 or above\r\nPlease upgrade to FortiWeb version 6.2.7 or above\r\nPlease upgrade to FortiWeb version 6.1.3 or above\r\nPlease upgrade to FortiWeb version 6.0.8 or above\r\nPlease upgrade to FortiWeb version 5.9.2 or above"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"
|
|
}
|
|
]
|
|
}
|
|
} |