7.8

CVE-2023-22639

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiproxy Version >= 1.0.0 <= 1.0.7
FortinetFortiproxy Version >= 1.1.0 <= 1.1.6
FortinetFortiproxy Version >= 1.2.0 <= 1.2.13
FortinetFortiproxy Version >= 2.0.0 <= 2.0.12
FortinetFortiproxy Version >= 7.0.0 <= 7.0.8
FortinetFortiproxy Version7.2.0
FortinetFortiproxy Version7.2.1
FortinetFortiproxy Version7.2.2
FortinetFortios Version >= 6.0.0 <= 6.0.17
FortinetFortios Version >= 6.2.0 <= 6.2.15
FortinetFortios Version >= 6.4.0 <= 6.4.12
FortinetFortios Version >= 7.0.0 <= 7.0.9
FortinetFortios Version >= 7.2.0 <= 7.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.