CVE-2023-22639 : A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS v

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

Published 2023-06-13 09:15:16

Updated 2023-06-17 01:40:25

Source Fortinet, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-22639

Fortinet » Fortios
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.0.17
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 6.4.0 and up to, including, (<=) 6.4.12
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 6.2.0 and up to, including, (<=) 6.2.15
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 7.2.0 and up to, including, (<=) 7.2.3
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 7.0.0 and up to, including, (<=) 7.0.9
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 1.0.0 and up to, including, (<=) 1.0.7
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 1.2.0 and up to, including, (<=) 1.2.13
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 2.0.0 and up to, including, (<=) 2.0.12
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 7.0.0 and up to, including, (<=) 7.0.8
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 1.1.0 and up to, including, (<=) 1.1.6
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy » Version: 7.2.0
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy » Version: 7.2.1
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy » Version: 7.2.2
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-22639

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-22639

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	Fortinet, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-22639

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-22639

https://fortiguard.com/psirt/FG-IR-22-494

PSIRT Advisories | FortiGuard
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-22639

Products affected by CVE-2023-22639

Exploit prediction scoring system (EPSS) score for CVE-2023-22639

CVSS scores for CVE-2023-22639

CWE ids for CVE-2023-22639

References for CVE-2023-22639