← back
CVE-2023-33302

CVE-2023-33302

CVSS 4.5 MEDIUMEPSS 0.3%CWE-120
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →