Stack-based Overflow Vulnerability in Fortinet FortiOS and FortiProxy
CVE-2023-33308

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortiproxy; FortiOS
Vendor: CVE Published:; 26 July 2023

Badges

📰 News Worthy

Summary

A stack-based overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, specifically in versions 7.0.0 to 7.0.10 and 7.2.0 to 7.2.3 for FortiOS, as well as FortiProxy versions 7.0.0 to 7.0.9 and 7.2.0 to 7.2.2. This flaw allows an unauthenticated attacker to execute arbitrary code by sending specially crafted packets that exploit predefined proxy policies or firewall policies configured in proxy mode, thereby bypassing security measures through deep or full packet inspection. Consequently, systems utilizing these affected versions are at heightened risk of exploitation and compromise.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.3

FortiOS 7.0.0 <= 7.0.10

FortiProxy 7.2.0 <= 7.2.2

News Articles

ÇözümPark

CVE-2023-33308

Fortinet FortiOS ve FortiProxy'de Kritik RCE Zafiyeti (CVE-2023-33308) - ÇözümPark

Fortinet FortiOS ve FortiProxy'de Kritik RCE Zafiyeti (CVE-2023-33308)

6 months ago

References

https://fortiguard.com/psirt/FG-IR-23-183

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by ÇözümPark
Jul 5, 2024
Vulnerability published
Jul 26, 2023
Vulnerability Reserved
May 22, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Fortinet FortiOS ve FortiProxy'de Kritik RCE Zafiyeti (CVE-2023-33308) - ÇözümPark

References

CVSS V3.1

Timeline