CVE-2023-25610

CWE-1247 documents5 sources

Severity

9.8CRITICAL

EPSS

16.0%

top 5.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortios +5 more

Timeline

PublishedMar 24

Description

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages15 packages

▶NVDfortinet/fortios-6k7k6.0.4 — 6.2.13+2

▶CVEListV5fortinet/fortios-6k7k6.2.9 — 6.2.12+9

▶NVDfortinet/fortios5.0.0 — 6.2.13+3

▶CVEListV5fortinet/fortios7.2.0 — 7.2.3+8

▶NVDfortinet/fortiproxy1.1.0 — 7.0.9+1

🔴Vulnerability Details

CVEList

CVE-2023-25610: A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7↗2025-03-24

▶

GHSA

GHSA-wvpr-v2qr-ccvf: A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7↗2025-03-24

▶

📋Vendor Advisories

Fortinet

Heap buffer underflow in administrative interface↗2025-03-24

▶

🕵️Threat Intelligence

Wiz

The First Edition of Crying Out Cloud - The Newsletter! | Wiz↗2023-04-11

▶

Wiz

CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know | Wiz Blog↗2023-03-13

▶

Wiz

CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know | Wiz Blog↗2023-03-13

▶