Stack-based Overflow Vulnerability in Fortinet FortiOS and FortiProxy
CVE-2023-33308

9.8CRITICAL

Key Information:

Vendor

Fortinet
Status
Fortiproxy
FortiOS
Vendor
CVE Published:
26 July 2023

Badges

đź“° News Worthy

What is CVE-2023-33308?

A stack-based overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, specifically in versions 7.0.0 to 7.0.10 and 7.2.0 to 7.2.3 for FortiOS, as well as FortiProxy versions 7.0.0 to 7.0.9 and 7.2.0 to 7.2.2. This flaw allows an unauthenticated attacker to execute arbitrary code by sending specially crafted packets that exploit predefined proxy policies or firewall policies configured in proxy mode, thereby bypassing security measures through deep or full packet inspection. Consequently, systems utilizing these affected versions are at heightened risk of exploitation and compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiOS 7.2.0 <= 7.2.3

FortiOS 7.0.0 <= 7.0.10

FortiProxy 7.2.0 <= 7.2.2

News Articles

favicon imageÇözümPark

Fortinet FortiOS ve FortiProxy'de Kritik RCE Zafiyeti (CVE-2023-33308) - ÇözümPark

Fortinet FortiOS ve FortiProxy'de Kritik RCE Zafiyeti (CVE-2023-33308)

References

https://fortiguard.com/psirt/FG-IR-23-183

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by ÇözümPark

  • Vulnerability published

  • Vulnerability Reserved

JSON
.