Fortinet CVE-2023-42784

Severity: MEDIUM (CVSS 3.1 score 5.6)
Weakness: Improper Handling of Syntactically Invalid Structure (CWE-228)
2025-03-11, psirt@fortinet.com
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)
CVE Published: Mar 11, 2025 - 15:15 (nvd), MEDIUM 5.6

Description (NVD)

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.

Analysis (AI)

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Technical Context (AI)

The weakness is an improper handling of syntactically invalid structure (CWE-228) in Fortinet FortiWeb, affecting at least versions 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10. It allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.

Affected Products (AI)

Product: Fortinet FortiWeb. Versions: 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10.

Remediation (AI)

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.