CVE-2023-29182
17.08.2023, 10:15
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortios | 6.2.0 ≤ 𝑥 < 7.0.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| fortinet | fortios | 7.0.0 ≤ 𝑥 ≤ 7.0.3 | ADP |
| fortinet | fortios | 6.4.0 ≤ 𝑥 ≤ 6.4.14 | ADP |
| fortinet | fortios | 6.2.0 ≤ 𝑥 ≤ 6.2.15 | ADP |
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.