CVE-2023-22639

13.06.2023, 09:15

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
fortinet	CNA	6.3 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
fortinet	fortiproxy	1.0.0 ≤ 𝑥 ≤ 1.0.7
fortinet	fortiproxy	1.1.0 ≤ 𝑥 ≤ 1.1.6
fortinet	fortiproxy	1.2.0 ≤ 𝑥 ≤ 1.2.13
fortinet	fortiproxy	2.0.0 ≤ 𝑥 ≤ 2.0.12
fortinet	fortiproxy	7.0.0 ≤ 𝑥 ≤ 7.0.8
fortinet	fortiproxy	7.2.0
fortinet	fortiproxy	7.2.1
fortinet	fortiproxy	7.2.2
fortinet	fortios	6.0.0 ≤ 𝑥 ≤ 6.0.17
fortinet	fortios	6.2.0 ≤ 𝑥 ≤ 6.2.15
fortinet	fortios	6.4.0 ≤ 𝑥 ≤ 6.4.12
fortinet	fortios	7.0.0 ≤ 𝑥 ≤ 7.0.9
fortinet	fortios	7.2.0 ≤ 𝑥 ≤ 7.2.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://fortiguard.com/psirt/FG-IR-22-494