CVE-2023-42789
PUBLISHED
Multiple vulnerabilities exist in Fortinet FortiOS and Fortinet FortiProxy. These flaws are due to an out-of-bounds write issue. By sending specially crafted HTTP requests, a remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code.
Risk Scores
EPSS Score: 28.28% (96.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | <6.4.15 |
| Fortinet | FortiOS | <7.2.6 |
| Fortinet | FortiProxy | <7.2.7 |
| Fortinet | FortiProxy | <7.4.1 |
| Fortinet | FortiProxy | <7.0.13 |
| Fortinet | FortiOS | <7.0.13 |
| Fortinet | FortiProxy | <2.0.14 |
| Fortinet | FortiOS | <6.2.16 |
| Fortinet | FortiOS | <7.4.2 |
Timeline
- Mar 12, 2024 CVE Published
- Mar 12, 2024 PoC Published
- Mar 12, 2024 PoC Published
- Mar 12, 2024 PoC Published
- Mar 13, 2024 EPSS Score
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- May 4, 2024 EPSS Score
- May 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0617.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0617 advisory
- https://github.com/CrimBit/CVE-2023-42789-POC exploit
- https://fortiguard.fortinet.com/psirt/FG-IR-23-328 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-24-013 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-23-424 advisory