What is CVE-2023-29177?

CVE-2023-29177 is a vulnerability in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 that allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

What is the severity of CVE-2023-29177?

CVE-2023-29177 has a severity level of medium with a score of 6.2.

Which software versions are affected by CVE-2023-29177?

FortiADC versions 7.2.0 and before 7.1.2, and FortiDDoS-F versions 6.5.0 and before 6.4.1 are affected by CVE-2023-29177.

How can a privileged attacker exploit CVE-2023-29177?

A privileged attacker can exploit CVE-2023-29177 by sending specifically crafted CLI requests to execute arbitrary code or commands.

Where can I find more information about CVE-2023-29177?

You can find more information about CVE-2023-29177 at the following link: https://fortiguard.com/psirt/FG-IR-23-064

Vulnerability/
CVE-2023-29177

medium

6.7

CWE

120 119

14/11/2023

30/8/2024

CVE-2023-29177: Buffer Overflow

First published: Tue Nov 14 2023(Updated: )

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiADC	>=7.1.0<=7.1.2
Fortinet FortiADC	=5.2.0
Fortinet FortiADC	=5.3.0
Fortinet FortiADC	=5.4.0
Fortinet FortiADC	=6.0.0
Fortinet FortiADC	=6.1.0
Fortinet FortiADC	=6.2.0
Fortinet FortiADC	=7.0.0
Fortinet FortiADC	=7.2.0
Fortinet FortiDDoS-F	>=6.1.0<=6.1.4
Fortinet FortiDDoS-F	>=6.4.0<=6.4.1
Fortinet FortiDDoS-F	=6.2.0
Fortinet FortiDDoS-F	=6.3.0
Fortinet FortiDDoS-F	=6.5.0

Remedy

Please upgrade to FortiDDoS-F version 6.5.1 or above Please upgrade to FortiDDoS-F version 6.4.2 or above Please upgrade to FortiADC version 7.2.1 or above Please upgrade to FortiADC version 7.1.3 or above

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-23-064

Frequently Asked Questions

What is CVE-2023-29177?
CVE-2023-29177 is a vulnerability in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 that allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.
What is the severity of CVE-2023-29177?
CVE-2023-29177 has a severity level of medium with a score of 6.2.
Which software versions are affected by CVE-2023-29177?
FortiADC versions 7.2.0 and before 7.1.2, and FortiDDoS-F versions 6.5.0 and before 6.4.1 are affected by CVE-2023-29177.
How can a privileged attacker exploit CVE-2023-29177?
A privileged attacker can exploit CVE-2023-29177 by sending specifically crafted CLI requests to execute arbitrary code or commands.
Where can I find more information about CVE-2023-29177?
You can find more information about CVE-2023-29177 at the following link: https://fortiguard.com/psirt/FG-IR-23-064

agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/remedy
agent/author
agent/severity
agent/description
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortiadc
version/fortinet fortiadc/7.1.0
version/fortinet fortiadc/7.1.2
version/fortinet fortiadc/5.2.0
version/fortinet fortiadc/5.3.0
version/fortinet fortiadc/5.4.0
version/fortinet fortiadc/6.0.0
version/fortinet fortiadc/6.1.0
version/fortinet fortiadc/6.2.0
version/fortinet fortiadc/7.0.0
version/fortinet fortiadc/7.2.0
canonical/fortinet fortiddos-f
version/fortinet fortiddos-f/6.1.0
version/fortinet fortiddos-f/6.1.4
version/fortinet fortiddos-f/6.4.0
version/fortinet fortiddos-f/6.4.1
version/fortinet fortiddos-f/6.2.0
version/fortinet fortiddos-f/6.3.0
version/fortinet fortiddos-f/6.5.0