CVE-2023-22640 — Out-of-bounds Write in Fortinet Fortios

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.5%

top 34.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedMay 3

Latest updateMay 4

Description

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically cra…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.1+5

▶NVDfortinet/fortiproxy4 versions+3

▶NVDfortinet/fortios6.2.0 — 6.2.14+4

▶CVEListV5fortinet/fortios7.2.0 — 7.2.3+4

🔴Vulnerability Details

GHSA

GHSA-jmw9-f5xc-4q6q: A out-of-bounds write in Fortinet FortiOS version 7↗2023-05-04

▶

CVEList

CVE-2023-22640: A out-of-bounds write in Fortinet FortiOS version 7↗2023-05-03

▶

📋Vendor Advisories

Fortinet

Out-of-bound-write in sslvpnd↗2023-05-03

▶