CVE-2023-33302

EUVD-2023-37465

31.03.2025, 15:15

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet  FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
fortinet	CNA	4.5 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortimail	5.4.0 ≤ 𝑥 ≤ 5.4.12
fortinet	fortimail	6.0.0 ≤ 𝑥 < 6.0.11
fortinet	fortimail	6.2.0 ≤ 𝑥 < 6.2.7
fortinet	fortimail	6.4.0 ≤ 𝑥 < 6.4.5
fortinet	fortindr	1.1.0 ≤ 𝑥 < 7.2.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://fortiguard.fortinet.com/psirt/FG-IR-21-023