Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

CVE-2023-33302

Description

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Affected products

Fortinet/Fortimailv5
cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
Range: 6.4.0
Fortinet/Fortindrv5
Range: 7.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-21-023mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000