PT-2023-4455 · Fortinet · FortiOS
Published: 2023-08-09 · Updated: 2023-08-23
CVE-2023-29182
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions prior to 7.0.3
Description
A stack-based buffer overflow vulnerability in Fortinet FortiOS allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. This issue is related to reading data beyond the boundaries of a buffer in memory.
Recommendations
For Fortinet FortiOS versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the CLI commands to minimize the risk of exploitation. Additionally, ensure that FortiOS stack protections are enabled and properly configured to prevent attackers from evading these protections.
Fix
Stack Overflow
Memory Corruption
Affected Products
FortiOS