Main Vulnerability Database Vulnerabilities #VU73200

#VU73200 Buffer Underwrite ('Buffer Underflow') in FortiOS and FortiProxy - CVE-2023-25610

Published: March 9, 2023 / Updated: June 26, 2023

Vulnerability identifier: #VU73200

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2023-25610

CWE-ID: CWE-124

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
FortiOS
FortiProxy

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a heap buffer underflow in the administrative interface. A remote non-authenticated attacker can send a specially crafted request to the administrative web interface of the affected device, trigger memory corruption and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.fortinet.com/psirt/FG-IR-23-001

#VU73200 Buffer Underwrite ('Buffer Underflow') in FortiOS and FortiProxy - CVE-2023-25610

Description

Remediation

External links

Please verify you're human