CVE-2023-42784

MEDIUM
2025-03-11 [email protected]
5.6
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
CVE Published
Mar 11, 2025 - 15:15 nvd
MEDIUM 5.6

Description

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests.

Analysis

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Technical Context

Improper handling of syntactically invalid structure in Fortinet FortiWeb, at least versions 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10, allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.

Affected Products

Product: Fortinet FortiWeb. Versions: 7.0.0 through 7.0.10, 7.2.0 through 7.2.10, and 7.4.0 through 7.4.6.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

28
KEV: 0
EPSS: +0.1
CVSS: +28
POC: 0
