VYPR
Unrated severityNVD Advisory· Published Jul 26, 2023· Updated Oct 23, 2024

CVE-2023-33308

CVE-2023-33308

Description

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Affected products

4
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    >=7.0.0 <=7.0.9, >=7.2.0 <=7.2.2+ 1 more
    • (no CPE)range: >=7.0.0 <=7.0.9, >=7.2.0 <=7.2.2
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    >=7.0.0 <=7.0.10, >=7.2.0 <=7.2.3+ 1 more
    • (no CPE)range: >=7.0.0 <=7.0.10, >=7.2.0 <=7.2.3
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.