What is the severity of CVE-2023-46720?

CVE-2023-46720 is considered a critical vulnerability due to its potential for unauthorized code execution.

How do I fix CVE-2023-46720?

To fix CVE-2023-46720, update FortiOS to version 7.4.4, 7.2.8, or 7.0.16, depending on your current version.

Which versions of FortiOS are affected by CVE-2023-46720?

FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, and several 6.x versions are affected.

What type of vulnerability is CVE-2023-46720?

CVE-2023-46720 is a stack-based buffer overflow vulnerability.

Can CVE-2023-46720 lead to remote code execution?

Yes, CVE-2023-46720 allows an attacker to execute unauthorized code or commands remotely.

Vulnerability/
CVE-2023-46720

high

7.8

CWE

119 121 787

11/6/2024

23/8/2024

2/12/2024

CVE-2023-46720: Stack buffer overflow on bluetooth write feature

First published: Tue Jun 11 2024(Updated: )

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiOS IPS Engine	>=6.0.13<=6.0.18
Fortinet FortiOS IPS Engine	>=6.2.9<=6.2.16
Fortinet FortiOS IPS Engine	>=6.4.6<=6.4.15
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.12
Fortinet FortiOS IPS Engine	>=7.2.0<7.2.8
Fortinet FortiOS IPS Engine	>=7.4.0<7.4.3
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.3
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.7
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.15
Fortinet FortiOS IPS Engine	>=6.4
Fortinet FortiOS IPS Engine	>=6.2
Fortinet FortiOS IPS Engine	>=6.0

Remedy

Please upgrade to FortiOS version 7.4.4 or above Please upgrade to FortiOS version 7.2.8 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-46720?
CVE-2023-46720 is considered a critical vulnerability due to its potential for unauthorized code execution.
How do I fix CVE-2023-46720?
To fix CVE-2023-46720, update FortiOS to version 7.4.4, 7.2.8, or 7.0.16, depending on your current version.
Which versions of FortiOS are affected by CVE-2023-46720?
FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, and several 6.x versions are affected.
What type of vulnerability is CVE-2023-46720?
CVE-2023-46720 is a stack-based buffer overflow vulnerability.
Can CVE-2023-46720 lead to remote code execution?
Yes, CVE-2023-46720 allows an attacker to execute unauthorized code or commands remotely.

agent/remedy
agent/type
agent/first-publish-date
agent/references
agent/title
agent/author
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-46720
agent/event
agent/softwarecombine
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/6.0.13
version/fortinet fortios ips engine/6.0.18
version/fortinet fortios ips engine/6.2.9
version/fortinet fortios ips engine/6.2.16
version/fortinet fortios ips engine/6.4.6
version/fortinet fortios ips engine/6.4.15
version/fortinet fortios ips engine/7.0.0
version/fortinet fortios ips engine/7.0.12
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.3
version/fortinet fortios ips engine/7.2.7
version/fortinet fortios ips engine/7.0.15
version/fortinet fortios ips engine/6.4
version/fortinet fortios ips engine/6.2
version/fortinet fortios ips engine/6.0