CVE-2023-42789

CRITICAL

Fortinet FortiProxy < 2.0.13 - Out-of-Bounds Write

Title source: rule

Description

An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Exploits (2)

nomisec SCANNER 1 stars
by jhonnybonny · poc
https://github.com/jhonnybonny/CVE-2023-42789

Scores

CVSS v3 9.8
EPSS 0.3002
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (5)
fortinet/fortios 7.4.0
fortinet/fortios 7.4.1
fortinet/fortios 6.2.0 - 6.2.15
fortinet/fortiproxy 7.4.0
fortinet/fortiproxy 2.0.0 - 2.0.13
Published Mar 12, 2024
Tracked Since Feb 18, 2026