What is the severity of CVE-2024-23110?

CVE-2024-23110 is classified as a critical vulnerability due to its potential for enabling unauthorized code execution.

How do I fix CVE-2024-23110?

To fix CVE-2024-23110, upgrade FortiOS to versions 7.4.3, 7.2.7, 7.0.14, 6.4.15, or 6.2.16 depending on your current version.

What software is affected by CVE-2024-23110?

CVE-2024-23110 affects multiple versions of Fortinet FortiOS, specifically versions from 7.4.0 to 7.4.2, and earlier versions back to 6.0.

What type of vulnerability is CVE-2024-23110?

CVE-2024-23110 is a stack-based buffer overflow vulnerability.

Can CVE-2024-23110 be exploited remotely?

Yes, CVE-2024-23110 can be exploited remotely by an attacker through specially crafted commands.

Vulnerability/
CVE-2024-23110

high

7.8

CWE

119 121 787

11/6/2024

23/8/2024

CVE-2024-23110: Multiple buffer overflows in diag npu command

First published: Tue Jun 11 2024(Updated: )

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiOS IPS Engine	>=6.0.0<6.2.16
Fortinet FortiOS IPS Engine	>=6.4.0<6.4.15
Fortinet FortiOS IPS Engine	>=7.0.0<7.0.14
Fortinet FortiOS IPS Engine	>=7.2.0<7.2.7
Fortinet FortiOS IPS Engine	>=7.4.0<7.4.3
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.2
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.6
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.13
Fortinet FortiOS IPS Engine	>=6.4.0<=6.4.14
Fortinet FortiOS IPS Engine	>=6.2.0<=6.2.15
Fortinet FortiOS IPS Engine	>=6.0

Remedy

Please upgrade to FortiOS version 7.4.3 or above Please upgrade to FortiOS version 7.2.7 or above Please upgrade to FortiOS version 7.0.14 or above Please upgrade to FortiOS version 6.4.15 or above Please upgrade to FortiOS version 6.2.16 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-23110?
CVE-2024-23110 is classified as a critical vulnerability due to its potential for enabling unauthorized code execution.
How do I fix CVE-2024-23110?
To fix CVE-2024-23110, upgrade FortiOS to versions 7.4.3, 7.2.7, 7.0.14, 6.4.15, or 6.2.16 depending on your current version.
What software is affected by CVE-2024-23110?
CVE-2024-23110 affects multiple versions of Fortinet FortiOS, specifically versions from 7.4.0 to 7.4.2, and earlier versions back to 6.0.
What type of vulnerability is CVE-2024-23110?
CVE-2024-23110 is a stack-based buffer overflow vulnerability.
Can CVE-2024-23110 be exploited remotely?
Yes, CVE-2024-23110 can be exploited remotely by an attacker through specially crafted commands.

agent/remedy
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-23110
agent/first-publish-date
agent/title
agent/description
agent/author
agent/severity
collector/the-register
source/The Register
alias/CVE-2023-50868
alias/CVE-2024-30080
alias/CVE-2024-30078
alias/CVE-2024-4577
alias/CVE-2024-4610
alias/CVE-2024-28995
agent/references
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/6.0.0
version/fortinet fortios ips engine/6.4.0
version/fortinet fortios ips engine/7.0.0
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.2
version/fortinet fortios ips engine/7.2.6
version/fortinet fortios ips engine/7.0.13
version/fortinet fortios ips engine/6.4.14
version/fortinet fortios ips engine/6.2.0
version/fortinet fortios ips engine/6.2.15
version/fortinet fortios ips engine/6.0