CVE-2023-33308

Published: Jul 26, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Affected (6)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.0.0 to 7.0.10
Fortinet Fortios	From 7.2.0 to 7.2.3
Fortinet Fortiproxy	From 7.0.0 to 7.0.9
Fortinet Fortiproxy	Version 7.2.0
Fortinet Fortiproxy	Version 7.2.1
Fortinet Fortiproxy	Version 7.2.2

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://fortiguard.com/psirt/FG-IR-23-183

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-183

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.