CVE-2023-42790

HIGH

FortiOS/FortiProxy Stack-based Buffer Overflow via HTTP Requests

Title source: llm
STIX 2.1

Description

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0107
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (12)
fortinet/fortios 6.2.0 - 6.2.15
Fortinet/FortiOS 6.2.0 - 6.2.15
Fortinet/FortiOS 6.4.0 - 6.4.14
Fortinet/FortiOS 7.0.0 - 7.0.12
Fortinet/FortiOS 7.2.0 - 7.2.5
Fortinet/FortiOS 7.4.0 - 7.4.1
fortinet/fortiproxy 7.4.0
fortinet/fortiproxy 2.0.0 - 2.0.13
Fortinet/FortiProxy 2.0.0 - 2.0.13
Fortinet/FortiProxy 7.0.0 - 7.0.12
... and 2 more
Published Mar 12, 2024
Tracked Since Feb 18, 2026