CVSS: 9.8EPSS: 10%CPEs: 25EXPL: 10CVE-2023-27997 – Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-27997
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests. • https://github.com/rio128128/CVE-2023-27997-POC https://github.com/BishopFox/CVE-2023-27997-check https://github.com/delsploit/CVE-2023-27997 https://github.com/imbas007/CVE-2023-27997-Check https://github.com/Cyb3rEnthusiast/CVE-2023-27997 https://github.com/awchjimmy/CVE-2023-27997-tutorial https://github.com/puckiestyle/cve-2023-27997 https://github.com/TechinsightsPro/ShodanFortiOS https://github.com/lexfo/xortigate-cve-2023-27997 https://github.com/node011/CVE-2023-27997-POC • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-22639
https://notcve.org/view.php?id=CVE-2023-22639
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands. • https://fortiguard.com/psirt/FG-IR-22-494 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22640
https://notcve.org/view.php?id=CVE-2023-22640
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. • https://fortiguard.com/psirt/FG-IR-22-475 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22641
https://notcve.org/view.php?id=CVE-2023-22641
A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests. • https://fortiguard.com/psirt/FG-IR-22-479 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.1EPSS: 11%CPEs: 5EXPL: 0CVE-2022-41328 – Fortinet FortiOS Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-41328
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands. • https://fortiguard.com/psirt/FG-IR-22-369 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •