Vulnerability Monitor

CVE-2023-29177


Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.


Published: 2023-11-14T19:15:24.337

Last Modified: 2024-11-21T07:56:39.793

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-120

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiadc | ≤ 7.1.2 | Yes |
| Application | fortinet | fortiadc | 5.2.0 | Yes |
| Application | fortinet | fortiadc | 5.3.0 | Yes |
| Application | fortinet | fortiadc | 5.4.0 | Yes |
| Application | fortinet | fortiadc | 6.0.0 | Yes |
| Application | fortinet | fortiadc | 6.1.0 | Yes |
| Application | fortinet | fortiadc | 6.2.0 | Yes |
| Application | fortinet | fortiadc | 7.0.0 | Yes |
| Application | fortinet | fortiadc | 7.2.0 | Yes |
| Application | fortinet | fortiddos-f | ≤ 6.1.4 | Yes |
| Application | fortinet | fortiddos-f | ≤ 6.4.1 | Yes |
| Application | fortinet | fortiddos-f | 6.2.0 | Yes |
| Application | fortinet | fortiddos-f | 6.3.0 | Yes |
| Application | fortinet | fortiddos-f | 6.5.0 | Yes |
