CVE-2023-46718

Summary

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.1affected
FortinetFortiOS7.2.0 <= 7.2.11affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiOS6.4.6 <= 6.4.16affected
FortinetFortiOS6.2.9 <= 6.2.17affected
FortinetFortiOS6.0.13 <= 6.0.18affected
FortinetFortiProxy7.4.0 <= 7.4.7affected
FortinetFortiProxy7.2.0 <= 7.2.15affected
FortinetFortiProxy7.0.0 <= 7.0.22affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References