ГлавнаяУязвимости → CVE-2023-25610
9.8критическая

CVE-2023-25610

Описание

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Затрагиваемое ПО
Fortinet FortiwebFortinet FortiswitchmanagerFortinet FortiswitchFortinet FortiproxyFortinet Fortios-6k7kFortinet FortiosFortinet FortimanagerFortinet Fortianalyzer
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://fortiguard.com/psirt/FG-IR-23-001