CVE-2023-29177

Published Nov 14, 2023

Last updated a year ago

CVSS medium 6.7

Overview

Description: Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EE864BE-0405-485C-997E-072092F6BB5E",
            "versionEndIncluding": "7.1.2",
            "versionStartIncluding": "7.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:5.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20EC4BBC-C056-4B63-8D08-F1F6F77CED5D"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:5.3.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67FE569-A1C6-4592-B650-444C94C45A90"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:5.4.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B866E2-9E6A-4F82-ABBC-800F87152FE4"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:6.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C61C6239-ACC1-4A3B-ABC4-B2C501148927"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:6.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43DED0DD-E584-4ECF-8B0F-2FB8B3167889"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63B95B99-89C8-4797-8FDA-2887596ADFED"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70AE3711-D7D8-49A3-981D-CD96F2497CB5"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7B816ED-6776-46CF-9F8C-B0A2CF3716F1",
            "versionEndIncluding": "6.1.4",
            "versionStartIncluding": "6.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "847C6FC1-DBCF-4803-BDDB-6E2C5B079ECD",
            "versionEndIncluding": "6.4.1",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD47EAD-BE0A-4E66-BAE6-BFECD8FBCC1A"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.3.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A702B46E-1BA1-4D57-BBC5-96B66DB83FAF"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DB1731B-7799-408B-8F8C-F5ABFEA7A180"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References