PT-2025-13782 · Fortinet · Fortimail+1

Published: 2025-03-31 · Updated: 2025-07-23 · CVE-2023-33302

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiMail versions 6.4.0 through 6.4.4
FortiMail versions prior to 6.2.6
FortiNDR versions prior to 7.1.0
FortiNDR version 7.2.0

Description
A buffer copy without checking the size of input, also known as a 'classic buffer overflow', allows an authenticated attacker with regular webmail access to trigger a buffer overflow. This could lead to the execution of unauthorized code or commands via specifically crafted HTTP requests.

Recommendations
For FortiMail versions 6.4.0 through 6.4.4, update to a version outside of this range to mitigate the risk.
For FortiMail versions prior to 6.2.6, update to version 6.2.6 or later.
For FortiNDR versions prior to 7.1.0, update to version 7.1.0 or later.
For FortiNDR version 7.2.0, consider disabling access to the administrative interface until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09551
CVE-2023-33302

Affected Products

Fortimail
Fortindr