CVE-2023-28002
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.
Una vulnerabilidad de validación inadecuada del valor de verificación de integridad [CWE-354] en FortiOS 7.2.0 a 7.2.3, 7.0.0 a 7.0.12, 6.4 todas las versiones, 6.2 todas las versiones, 6.0 todas las versiones y FortiProxy 7.2 todas las versiones, 7.0 todas versiones, 2.0 todas las versiones. Las máquinas virtuales pueden permitir que un atacante local con privilegios de administrador inicie una imagen maliciosa en el dispositivo y omita la verificación de integridad del sistema de archivos vigente.
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-03-09 CVE Reserved
- 2023-11-14 CVE Published
- 2023-11-15 EPSS Updated
- 2024-10-18 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-354: Improper Validation of Integrity Check Value
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-22-396 | 2023-11-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 2.0.0 <= 2.0.13 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 2.0.0 <= 2.0.13" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 7.0.0 <= 7.0.13 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 7.0.0 <= 7.0.13" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 7.2.0 <= 7.2.7 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 7.2.0 <= 7.2.7" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.0.0 <= 6.0.17 Search vendor "Fortinet" for product "Fortios" and version " >= 6.0.0 <= 6.0.17" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.2.0 <= 6.2.15 Search vendor "Fortinet" for product "Fortios" and version " >= 6.2.0 <= 6.2.15" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.4.0 <= 6.4.14 Search vendor "Fortinet" for product "Fortios" and version " >= 6.4.0 <= 6.4.14" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 7.0.0 <= 7.0.12 Search vendor "Fortinet" for product "Fortios" and version " >= 7.0.0 <= 7.0.12" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 7.2.0 <= 7.2.3 Search vendor "Fortinet" for product "Fortios" and version " >= 7.2.0 <= 7.2.3" | - |
Affected
| ||||||