CVE-2023-42790

Summary

A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0affected
FortinetFortiProxy7.2.0 <= 7.2.6affected
FortinetFortiProxy7.0.0 <= 7.0.12affected
FortinetFortiProxy2.0.0 <= 2.0.13affected
FortinetFortiOS7.4.0 <= 7.4.1affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.12affected
FortinetFortiOS6.4.0 <= 6.4.14affected
FortinetFortiOS6.2.0 <= 6.2.15affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References