CVE-2023-22639: Out-of-bounds Write in Fortinet FortiOS

Severity: 7.8 HIGH (NVD), 6.7 (CNA)
EPSS: 0.0% (top 84.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 13

Description

An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an attacker to escalate privileges via specifically crafted commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5  fortinet/fortiproxy  7.2.0  7.2.2  +5
NVD  fortinet/fortiproxy  1.0.0  1.0.7  +7
CVEListV5  fortinet/fortios  7.2.0  7.2.3  +4
NVD  fortinet/fortios  6.0.0  6.0.17  +4

🔴 Vulnerability Details (2)

CVEList: CVE-2023-22639: An out-of-bounds write in Fortinet FortiOS version 7 (2023-06-13)
GHSA: GHSA-rqg9-f682-xvvh: An out-of-bounds write in Fortinet FortiOS version 7 (2023-06-13)

📋 Vendor Advisories (1)

Fortinet: Out-of-bound write in CLI (2023-06-13)