CVE-2023-46714Stack-based Buffer Overflow in Fortinet Fortios

CWE-121Stack-based Buffer Overflow4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 60.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedMay 14

Description

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/fortios7.4.07.4.1+1
NVDfortinet/fortios7.2.17.2.6+2

🔴Vulnerability Details

2
CVEList
CVE-2023-46714: A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 72024-05-14
GHSA
GHSA-43hj-8x3j-rc7x: A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 72024-05-14

📋Vendor Advisories

1
Fortinet
Buffer overflow in administrative interface2024-05-14
CVE-2023-46714 — Stack-based Buffer Overflow | cvebase