CVE-2023-25610 | THREATINT

Description

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Reserved 2023-02-08 | Published 2025-03-24 | Updated 2025-03-24 | Assigner fortinet

CRITICAL: 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

7.2.0

affected

7.0.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

6.0.0

affected

Default status

unaffected

7.0.5

affected

6.4.10

affected

6.4.8

affected

6.4.6

affected

6.4.2

affected

6.2.9

affected

6.2.6

affected

6.2.4

affected

6.0.12

affected

6.0.10

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

2.0.0

affected

1.2.0

affected

1.1.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

6.0.0

affected

5.6.0

affected

5.4.0

affected

5.2.0

affected

5.0.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

6.0.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.3.0

affected

6.2.0

affected

6.1.0

affected

References

fortiguard.com/psirt/FG-IR-23-001

cve.org (CVE-2023-25610)

nvd.nist.gov (CVE-2023-25610)

Download JSON