GSD-2023-27997
PUBLISHED
CVSS 9.2 CRITICAL
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Risk Scores
CVSS v3.1
9.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | 7.2.0, 7.0.0, 6.0.0 |
| Fortinet | FortiOS-6K7K | 6.4.10, 6.2.6, 6.2.4 |
| Fortinet | FortiProxy | 2.0.0, 7.0.0, 1.2.0 |
Timeline
- Oct 2, 2017 CVE Published
- Jun 13, 2023 PoC Published
- Jun 13, 2023 PoC Published
- Jun 13, 2023 PoC Published
- Jun 14, 2023 PoC Published
- Oct 15, 2024 PoC Published
- Nov 20, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Feb 23, 2025 PoC Published
- Apr 11, 2025 PoC Published
- Apr 12, 2025 PoC Published
- Apr 13, 2025 PoC Published