CVE-2023-33302

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-21-023	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::

Configuration 2 (hide)

cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*

History

23 Jul 2025, 15:53

Type	Values Removed	Values Added
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-21-023 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-21-023 - Vendor Advisory
First Time		Fortinet fortimail Fortinet Fortinet fortindr
CPE		cpe:2.3:a:fortinet:fortimail:::::::: cpe:2.3:a:fortinet:fortindr::::::::
Summary		(es) Una copia de búfer sin verificar el tamaño de entrada ("desbordamiento de búfer clásico") en el correo web FortiMail de Fortinet y la interfaz administrativa versión 6.4.0 a 6.4.4 y anteriores a 6.2.6 y la interfaz administrativa FortiNDR versión 7.2.0 y anteriores a 7.1.0 permite que un atacante autenticado con acceso regular al correo web provoque un desbordamiento de búfer y posiblemente ejecute código o comandos no autorizados a través de solicitudes HTTP específicamente manipuladas.

31 Mar 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-31 15:15

Updated : 2025-07-23 15:53

NVD link : CVE-2023-33302

Mitre link : CVE-2023-33302

CVE.ORG link : CVE-2023-33302

JSON object : View

Products Affected

fortinet

fortimail
fortindr

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-33302", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-31T15:15:41.680", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."}, {"lang": "es", "value": "Una copia de b\u00fafer sin verificar el tama\u00f1o de entrada (\"desbordamiento de b\u00fafer cl\u00e1sico\") en el correo web FortiMail de Fortinet y la interfaz administrativa versi\u00f3n 6.4.0 a 6.4.4 y anteriores a 6.2.6 y la interfaz administrativa FortiNDR versi\u00f3n 7.2.0 y anteriores a 7.1.0 permite que un atacante autenticado con acceso regular al correo web provoque un desbordamiento de b\u00fafer y posiblemente ejecute c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP espec\u00edficamente manipuladas."}], "lastModified": "2025-07-23T15:53:22.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F55E66F3-2827-4707-9720-FBD56335B973", "versionEndIncluding": "5.4.12", "versionStartIncluding": "5.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98D4A72C-BD04-40D1-9561-BE46247CE338", "versionEndExcluding": "6.0.11", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA33C194-BB9C-43C8-864C-15396010FAAD", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DAB4EFB-D73F-4FC5-8FE7-278BADB9F78E", "versionEndExcluding": "6.4.5", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F262B16-971F-492A-9502-67D90DC25846", "versionEndExcluding": "7.2.1", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}