| IR Number | FG-IR-23-149 |
| Date | Aug 17, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 5.8 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2023-29182 |
| Affected Products |
FortiOS
:
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.14, 6.4.13, 6.4.12, 6.4.11, 6.4.10, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.15, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
|
| CVRF | Download |
| Language |
Refine Search
PSIRT Advisories
FortiOS - Buffer overflow in execute extender command
Summary
A stack-based buffer overflow vulnerability [CWE-121] in FortiOS may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.
Affected Products
FortiOS version 7.0.0 through 7.0.3
FortiOS 6.4.0 through 6.4.14
FortiOS 6.2 all versions
Solutions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.0 or above
Please upgrade to FortiOS version 7.0.4 or above
Please upgrade to the FortiOS upcoming version 6.4.15 or above
Timeline
2023-07-28: Initial publication