Description
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Published: 2024-03-12
Score: 7.7 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Upgrade to FortiProxy version 7.4.1 or above Upgrade to FortiProxy version 7.2.7 or above Upgrade to FortiProxy version 7.0.13 or above Upgrade to FortiProxy version 2.0.14 or above Upgrade to FortiSwitchManager version 7.2.3 or above Upgrade to FortiSwitchManager version 7.0.3 or above Fortinet remediated this issue in FortiSASE version 23.3.b and hence customers do not need to perform any action. Upgrade to FortiOS version 7.4.2 or above Upgrade to FortiOS version 7.2.6 or above Upgrade to FortiOS version 7.0.13 or above Upgrade to FortiOS version 6.4.15 or above Upgrade to FortiOS version 6.2.16 or above Upgrade to FortiPAM version 1.2.0 or above

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-47220 A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
References
History

Wed, 08 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CPEs cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C'}

cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}


Wed, 18 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*

Subscriptions

Fortinet Fortios Fortiproxy
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-08T12:43:54.710Z

Reserved: 2023-09-14T08:37:38.657Z

Link: CVE-2023-42790

cve-icon Vulnrichment

Updated: 2024-08-02T19:30:24.514Z

cve-icon NVD

Status : Modified

Published: 2024-03-12T15:15:46.293

Modified: 2026-06-17T06:24:30.707

Link: CVE-2023-42790

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow