Buffer Overflow Vulnerabilities in Fortinet's FortiADC and FortiDDoS-F Products
CVE-2023-29177

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiddos-f; Fortiadc
Vendor: CVE Published:; 14 November 2023

Summary

Fortinet's FortiADC and FortiDDoS-F products are impacted by multiple buffer overflow vulnerabilities that occur due to improper size checks during buffer copy operations. These vulnerabilities could allow a privileged attacker to craft malicious Command-Line Interface (CLI) requests, potentially leading to arbitrary code execution or command execution in the affected systems. It is essential for users of FortiADC versions up to 7.2.0 and FortiDDoS-F versions up to 6.5.0 to apply the necessary updates to mitigate these risks.

Affected Version(s)

FortiADC 7.2.0

FortiADC 7.1.0 <= 7.1.2

FortiADC 7.0.0 <= 7.0.5

References

https://fortiguard.com/psirt/FG-IR-23-064

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Apr 3, 2023