CVE-2023-42789

CVSS 3.1 Score 9.8 of 10 (high)

Attack Complexity low

Confidentiality high

Integrity high

Availability high

Scope unchanged

Privileges Required none

Details

Published Mar 12, 2024

Updated: Mar 15, 2024

CWE ID 787

Summary

CVE-2023-42789 is a critical vulnerability affecting multiple Fortinet FortiOS versions from 7.4.0 to 7.4.1, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, 6.4.0 to 6.4.14, 6.2.0 to 6.2.15, and FortiProxy versions from 2.0.0 to 2.0.13. This issue enables an attacker to perform out-of-bounds writes using specially crafted HTTP requests, potentially leading to unauthorized code execution or command injection. Successful exploitation of this vulnerability could result in significant security risks, including unauthorized access, data theft, or system compromise. Fortinet strongly advises upgrading to the latest FortiOS and FortiProxy versions to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

FortiOS
Fortinet FortiProxy

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners