CVE-2023-22639

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0 through 7.2.3 FortiProxy versions 1.0 through 7.2.2

Description The issue is related to an out-of-bounds write in memory, which can be exploited to allow an attacker to escalate their privileges. This can be achieved via specifically crafted commands. The vulnerability may also allow an authenticated attacker to achieve arbitrary code execution.

Recommendations For FortiOS versions 6.0 through 7.2.3, update to a version that contains a fix for this issue. For FortiProxy versions 1.0 through 7.2.2, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Command Line Interface to minimize the risk of exploitation.