CVE-2023-25602

Summary

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb6.4.0 <= 6.4.2affected
FortinetFortiWeb6.3.0 <= 6.3.17affected
FortinetFortiWeb6.2.0 <= 6.2.6affected
FortinetFortiWeb6.1.0 <= 6.1.2affected
FortinetFortiWeb6.0.0 <= 6.0.7affected
FortinetFortiWeb5.9.0 <= 5.9.1affected
FortinetFortiWeb5.8.5 <= 5.8.7affected
FortinetFortiWeb5.8.0 <= 5.8.3affected
FortinetFortiWeb5.7.0 <= 5.7.3affected
FortinetFortiWeb5.6.0 <= 5.6.2affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References