CVE-2023-33308
published 2023-07-26

Priority: P270 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.87% (76.8th percentile)
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Affected (10 ranges)

Vendor     Product       Version range     Fixed in
fortinet   fortinet      -                 -
fortinet   fortios       -                 -
fortinet   fortios       7.0.0 – 7.0.10    -
fortinet   fortios       7.2.0 – 7.2.3     -
fortinet   fortiproxy    -                 -
fortinet   fortiproxy    -                 -
fortinet   fortiproxy    -                 -
fortinet   fortiproxy    -                 -
fortinet   fortiproxy    7.0.0 – 7.0.9     -
fortinet   fortiproxy    7.2.0 – 7.2.2     -

Detection & IOCs (extracted from sources)

  • Target traffic reaching proxy policies or firewall policies configured with proxy mode alongside deep or full packet inspection — crafted packets exploiting this vector should be monitored at the perimeter
  • Unauthenticated remote exploitation — no credentials required; monitor for unexpected code execution or crashes originating from FortiOS/FortiProxy proxy inspection processes
  • Vulnerability is only exploitable when proxy mode is enabled on firewall or proxy policies AND deep inspection or full packet inspection is also enabled — both conditions must be present for the attack surface to exist
  • Affected FortiOS versions: 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3; affected FortiProxy versions: 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 — devices outside these ranges are not affected by this specific CVE