CVE-2023-25610: A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Affected

77 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	fortianalyzer	—	—
fortinet	fortianalyzer	—	—
fortinet	fortianalyzer	>= 6.0.0 < 6.0.12	6.0.12
fortinet	fortianalyzer	6.0.0 – 6.0.11	—
fortinet	fortianalyzer	>= 6.2.0 < 6.2.11	6.2.11
fortinet	fortianalyzer	6.2.0 – 6.2.10	—
fortinet	fortianalyzer	>= 6.4.0 < 6.4.12	6.4.12
fortinet	fortianalyzer	6.4.0 – 6.4.11	—
fortinet	fortianalyzer	>= 7.0.0 < 7.0.5	7.0.5
fortinet	fortianalyzer	7.0.0 – 7.0.4	—
fortinet	fortimanager	—	—
fortinet	fortimanager	—	—
fortinet	fortimanager	>= 6.0.0 < 6.0.12	6.0.12
fortinet	fortimanager	6.0.0 – 6.0.11	—
fortinet	fortimanager	>= 6.2.0 < 6.2.11	6.2.11
fortinet	fortimanager	6.2.0 – 6.2.10	—
fortinet	fortimanager	>= 6.4.0 < 6.4.12	6.4.12
fortinet	fortimanager	6.4.0 – 6.4.11	—
fortinet	fortimanager	>= 7.0.0 < 7.0.5	7.0.5
fortinet	fortimanager	7.0.0 – 7.0.4	—
fortinet	fortinet	—	—
fortinet	fortios	—	—
fortinet	fortios	>= 5.0.0 < 6.2.13	6.2.13
fortinet	fortios	5.0.0 – 5.0.14	—
fortinet	fortios	5.2.0 – 5.2.15	—