CVE-2023-22639: Out-of-bound write in CLI
First published: Mon Jun 12 2023(Updated: )
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.12 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.8 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiProxy | =7.2.1 | |
| Fortinet FortiProxy | =7.2.2 | |
| Fortinet FortiOS | >=6.0.0<=6.0.17 | |
| Fortinet FortiOS | >=6.2.0<=6.2.15 | |
| Fortinet FortiOS | >=6.4.0<=6.4.12 | |
| Fortinet FortiOS | >=7.0.0<=7.0.9 | |
| Fortinet FortiOS | >=7.2.0<=7.2.3 |
Remedy
Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiProxy version 7.2.3 or above Please upgrade to FortiProxy version 7.0.9 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22639?
CVE-2023-22639 is a vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions.
What is the severity of CVE-2023-22639?
The severity of CVE-2023-22639 is high (7.8).
How does CVE-2023-22639 affect Fortinet FortiOS?
CVE-2023-22639 affects Fortinet FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 6.4.0 through 6.4.12, 6.2, and 6.0.
How does CVE-2023-22639 affect FortiProxy?
CVE-2023-22639 affects FortiProxy versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8.
Is there a fix for CVE-2023-22639?
Yes, updating to a version of Fortinet FortiOS or FortiProxy that is not affected by CVE-2023-22639 will fix the vulnerability.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2023-22639
- collector/fortiguard-psirt
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.8
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.1
- version/fortinet fortiproxy/7.2.2
- canonical/fortinet fortios
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.17
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.15
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.12
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.9
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.3