PT-2023-7379 · Fortinet · Fortiddos-F+1

Published: 2023-11-14 · Updated: 2023-11-21 · CVE-2023-29177

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiADC versions 7.2.0 and prior to 7.1.2
FortiDDoS-F versions 6.5.0 and prior to 6.4.1

Description

The issue is related to multiple buffer copy without checking the size of input, which is a 'classic buffer overflow' vulnerability. This allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Recommendations

For FortiADC versions 7.2.0 and prior to 7.1.2, update to a version that includes the fix for this issue.
For FortiDDoS-F versions 6.5.0 and prior to 6.4.1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-08411
CVE-2023-29177

Affected Products

Fortiadc
Fortiddos-F