CVE-2023-33308
26.07.2023, 15:15
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiproxy | 7.0.0 ≤ 𝑥 ≤ 7.0.9 |
| fortinet | fortiproxy | 7.2.0 |
| fortinet | fortiproxy | 7.2.1 |
| fortinet | fortiproxy | 7.2.2 |
| fortinet | fortios | 7.0.0 ≤ 𝑥 ≤ 7.0.10 |
| fortinet | fortios | 7.2.0 ≤ 𝑥 ≤ 7.2.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.