CVE-2023-33308

Summary

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.2affected
FortinetFortiProxy7.0.0 <= 7.0.9affected
FortinetFortiOS7.2.0 <= 7.2.3affected
FortinetFortiOS7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References