CVE-2023-42789

EUVD-2023-47219
A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
2.0.0 ≤
𝑥
≤ 2.0.13
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.12
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.6
fortinetfortiproxy
7.4.0
fortinetfortios
6.2.0 ≤
𝑥
≤ 6.2.15
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.14
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.12
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.5
fortinetfortios
7.4.0
fortinetfortios
7.4.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortios
7.4.0 ≤
𝑥
≤ 7.4.1
ADP
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.5
ADP
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.12
ADP
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.14
ADP
fortinetfortios
6.2.0 ≤
𝑥
≤ 6.2.15
ADP
fortinetfortipam
1.1.0 ≤
𝑥
≤ 1.1.2
ADP
fortinetfortipam
1.0.0 ≤
𝑥
≤ 1.0.3
ADP
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.6
ADP
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.12
ADP
fortinetfortiproxy
2.0.0 ≤
𝑥
≤ 2.0.13
ADP