CVE-2023-22639 | ByteOS Network

Vulnerability Details :

CVE-2023-22639

Assigner-fortinet

Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8

Published At-13 Jun, 2023 | 08:41

Updated At-23 Oct, 2024 | 14:26

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:fortinet

Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8

Published At:13 Jun, 2023 | 08:41

Updated At:23 Oct, 2024 | 14:26

▼CVE Numbering Authority (CNA)

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

Affected Products

Vendor

Product

Default Status

unaffected

Versions

Affected

From 7.2.0 through 7.2.3 (semver)
From 7.0.0 through 7.0.10 (semver)
From 6.4.0 through 6.4.12 (semver)
From 6.2.0 through 6.2.15 (semver)
From 6.0.0 through 6.0.17 (semver)

Vendor

Product

Default Status

unaffected

Versions

Affected

From 7.2.0 through 7.2.2 (semver)
From 7.0.0 through 7.0.8 (semver)
From 2.0.0 through 2.0.12 (semver)
From 1.2.0 through 1.2.13 (semver)
From 1.1.0 through 1.1.6 (semver)
From 1.0.0 through 1.0.7 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-787	Escalation of privilege

Type: CWE

CWE ID: CWE-787

Description: Escalation of privilege

Metrics

Version	Base score	Base severity	Vector
3.1	6.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Solutions

Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiProxy version 7.2.3 or above Please upgrade to FortiProxy version 7.0.9 or above

References

Hyperlink	Resource
https://fortiguard.com/psirt/FG-IR-22-494	N/A

Hyperlink: https://fortiguard.com/psirt/FG-IR-22-494

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://fortiguard.com/psirt/FG-IR-22-494	x_transferred

Hyperlink: https://fortiguard.com/psirt/FG-IR-22-494

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt@fortinet.com

Published At:13 Jun, 2023 | 09:15

Updated At:07 Nov, 2023 | 04:07

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

>>fortiproxy>>Versions from 1.0.0(inclusive) to 1.0.7(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 1.1.0(inclusive) to 1.1.6(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 1.2.0(inclusive) to 1.2.13(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 2.0.0(inclusive) to 2.0.12(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 7.0.0(inclusive) to 7.0.8(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>7.2.0

cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*

>>fortiproxy>>7.2.1

cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*

>>fortiproxy>>7.2.2

cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*

>>fortios>>Versions from 6.0.0(inclusive) to 6.0.17(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 6.2.0(inclusive) to 6.2.15(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 6.4.0(inclusive) to 6.4.12(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.0.0(inclusive) to 7.0.9(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.2.0(inclusive) to 7.2.3(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-787	Secondary	psirt@fortinet.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-787

Type: Secondary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.com/psirt/FG-IR-22-494	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.com/psirt/FG-IR-22-494

Source: psirt@fortinet.com

Resource:

Vendor Advisory