CVE-2023-37930

Summary

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.6affected
FortinetFortiProxy7.0.0 <= 7.0.12affected
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.1 <= 7.0.11affected
FortinetFortiOS6.4.7 <= 6.4.14affected

Weaknesses

  • CWE-908: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References