CVE-2023-42789

CRITICAL

FortiOS/FortiProxy Out-of-bounds Write via HTTP Requests

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-42789. PoCs published by jhonnybonny.

AI-analyzed exploit summary: This repository contains a Python script that checks for the presence of CVE-2023-42789, an out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy. The script sends crafted HTTP requests to determine if the target is vulnerable or patched.

Description

An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, and FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Exploits (1)

nomisec · SCANNER · 1 star
by jhonnybonny · poc
https://github.com/jhonnybonny/CVE-2023-42789

Classification: Scanner (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Fortinet FortiOS (7.4.0-7.4.1, 7.2.0-7.2.5, 7.0.0-7.0.12, 6.4.0-6.4.14, 6.2.0-6.2.15), FortiProxy (7.4.0, 7.2.0-7.2.6, 7.0.0-7.0.12, 2.0.0-2.0.13)
No auth needed
Prerequisites: Network access to the target Fortinet device · Python3 and the 'colorama' library
devstral-2 · analyzed Feb 18, 2026

References (1)


Scores

CVSS v3 9.8
EPSS 0.2828
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (5)
fortinet/fortios 7.4.0
fortinet/fortios 7.4.1
fortinet/fortios 6.2.0 - 6.2.15
fortinet/fortiproxy 7.4.0
fortinet/fortiproxy 2.0.0 - 2.0.13
Published Mar 12, 2024
Tracked Since Feb 18, 2026