CVE-2023-22639

EUVD-2023-26773
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
6.3 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
1.0.0 ≤
𝑥
≤ 1.0.7
fortinetfortiproxy
1.1.0 ≤
𝑥
≤ 1.1.6
fortinetfortiproxy
1.2.0 ≤
𝑥
≤ 1.2.13
fortinetfortiproxy
2.0.0 ≤
𝑥
≤ 2.0.12
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.8
fortinetfortiproxy
7.2.0
fortinetfortiproxy
7.2.1
fortinetfortiproxy
7.2.2
fortinetfortios
6.0.0 ≤
𝑥
≤ 6.0.17
fortinetfortios
6.2.0 ≤
𝑥
≤ 6.2.15
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.12
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.9
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-22-494
https://fortiguard.com/psirt/FG-IR-22-494