7.8
CVE-2023-22639
- EPSS 0.04%
- Veröffentlicht 13.06.2023 09:15:16
- Zuletzt bearbeitet 21.11.2024 07:45:06
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortiproxy Version >= 1.0.0 <= 1.0.7
Fortinet ≫ Fortiproxy Version >= 1.1.0 <= 1.1.6
Fortinet ≫ Fortiproxy Version >= 1.2.0 <= 1.2.13
Fortinet ≫ Fortiproxy Version >= 2.0.0 <= 2.0.12
Fortinet ≫ Fortiproxy Version >= 7.0.0 <= 7.0.8
Fortinet ≫ Fortiproxy Version7.2.0
Fortinet ≫ Fortiproxy Version7.2.1
Fortinet ≫ Fortiproxy Version7.2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.128 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.