General Info

CVE ID CVE-2023-27997
Published Date 2023-06-13 09:15
Last Modified 2023-11-07 04:10
Risk CVSS V2
N/A
Risk CVSS V3
High
Json View Json

Description

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CPE Match

Node Is Vulnerable Last Vulnerable Version
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* True
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* True
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* True
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* True
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* True
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:7.0.5:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:7.0.10:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.4.8:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.4.12:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.4.10:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.2.9:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.2.7:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.2.6:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.2.4:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.16:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.15:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.14:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.13:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.12:*:*:*:*:*:*:* True
cpe:2.3:a:fortinet:fortios-6k7k:6.0.10:*:*:*:*:*:*:* True

CVSS Analysis

CVSS Version 2

CVSS Version 3 9.8

Exploitablity Score 3.9

Impact Score 5.9

Impact

Confidentiality HIGH
Integrity HIGH
Availability HIGH
Attack Vector NETWORK
Attack Complexity LOW
Required Preveliges No
Required User Itegration No

References

Reference Tags
https://fortiguard.com/psirt/FG-IR-23-097 Vendor Advisory