CVE-2023-25610

CVSS 9.3 CRITICALEPSS 17.8%CWE-124

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Affected products

Fortinet · FortiAnalyzer Fortinet · FortiManager Fortinet · FortiOS Fortinet · FortiOS-6K7K Fortinet · FortiProxy Fortinet · FortiSwitchManager Fortinet · FortiWeb

public PoCs found — 1

githubgithub.com/qi4L/CVE-2023-25610★ 23

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/psirt/FG-IR-23-001