CVE-2023-42789 — Out-of-bounds Write in Fortinet Fortios

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

30.0%

top 3.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortipam Fortinet Fortiproxy

Timeline

PublishedMar 12

Description

A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5fortinet/fortios7.4.0 — 7.4.1+4

▶NVDfortinet/fortios6.2.0 — 6.2.15+5

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.6+3

▶NVDfortinet/fortiproxy2.0.0 — 2.0.13+3

▶CVEListV5fortinet/fortipam1.1.0 — 1.1.2+1

🔴Vulnerability Details

CVEList

CVE-2023-42789: A out-of-bounds write in Fortinet FortiOS 7↗2024-03-12

▶

GHSA

GHSA-96vw-xpr8-777x: A out-of-bounds write in Fortinet FortiOS 7↗2024-03-12

▶

📋Vendor Advisories

Fortinet

Out-of-bounds Write in captive portal↗2024-03-12

▶