

Severity
High
Analysis Summary
CVE-2023-46713 CVSS:5.3
Fortinet FortiWeb could allow a remote attacker to execute arbitrary code on the system because of improper output neutralization for logs in the Traffic Log component. By using a specially crafted URL, an attacker could exploit this vulnerability to forge traffic logs and execute arbitrary code on the system.
CVE-2023-48791 CVSS:8.8
Fortinet FortiPortal could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending specially crafted arguments in the Schedule System Backup page field, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-46713
- CVE-2023-48791
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiPortal 7.0.0
- Fortinet FortiWeb 6.3.20
- Fortinet FortiWeb 7.0.6
- Fortinet FortiWeb 7.2.0
- Fortinet FortiWeb 7.2.1
- Fortinet FortiPortal 7.0.6
- Fortinet FortiPortal 7.2.0
Remediation
Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.