← back
CVE-2023-22640

CVE-2023-22640

CVSS 7.1 HIGHEPSS 0.9%CWE-787
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Affected products
Fortinet · FortiOSFortinet · FortiProxy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-22-475