CVE-2023-29177

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-064	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiadc:5.2.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:5.3.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:5.4.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:6.0.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:6.1.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:6.2.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:7.0.0:-::::::
	cpe:2.3:a:fortinet:fortiadc:7.2.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:fortinet:fortiddos-f::::::::
	cpe:2.3:a:fortinet:fortiddos-f::::::::
	cpe:2.3:a:fortinet:fortiddos-f:6.2.0:-::::::
	cpe:2.3:a:fortinet:fortiddos-f:6.3.0:-::::::
	cpe:2.3:a:fortinet:fortiddos-f:6.5.0:::::::*

History

21 Nov 2023, 18:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-29177

Mitre link : CVE-2023-29177

CVE.ORG link : CVE-2023-29177

JSON object : View

Products Affected

fortinet

fortiddos-f
fortiadc

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-29177", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2023-11-14T19:15:24.337", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-064", "tags": ["Third Party Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests."}, {"lang": "es", "value": "Las vulnerabilidades de copia de b\u00fafer m\u00faltiple sin verificar el tama\u00f1o de entrada ('desbordamiento del b\u00fafer cl\u00e1sico') [CWE-120] en FortiADC versi\u00f3n 7.2.0 y anteriores a 7.1.2 y FortiDDoS-F versi\u00f3n 6.5.0 y anteriores a 6.4.1 permiten a un atacante privilegiado ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de solicitudes CLI espec\u00edficamente manipuladas."}], "lastModified": "2023-11-21T18:47:17.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EE864BE-0405-485C-997E-072092F6BB5E", "versionEndIncluding": "7.1.2", "versionStartIncluding": "7.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:5.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EC4BBC-C056-4B63-8D08-F1F6F77CED5D"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:5.3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F67FE569-A1C6-4592-B650-444C94C45A90"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:5.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B866E2-9E6A-4F82-ABBC-800F87152FE4"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:6.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61C6239-ACC1-4A3B-ABC4-B2C501148927"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:6.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DED0DD-E584-4ECF-8B0F-2FB8B3167889"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B95B99-89C8-4797-8FDA-2887596ADFED"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70AE3711-D7D8-49A3-981D-CD96F2497CB5"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B816ED-6776-46CF-9F8C-B0A2CF3716F1", "versionEndIncluding": "6.1.4", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "847C6FC1-DBCF-4803-BDDB-6E2C5B079ECD", "versionEndIncluding": "6.4.1", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DD47EAD-BE0A-4E66-BAE6-BFECD8FBCC1A"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A702B46E-1BA1-4D57-BBC5-96B66DB83FAF"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB1731B-7799-408B-8F8C-F5ABFEA7A180"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}