Vulnerability Description
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiweb | >= 6.1.0, < 6.1.4 |
| Fortinet | Fortiswitchmanager | >= 7.0.0, < 7.0.2 |
| Fortinet | Fortiswitch | >= 7.0.0, < 7.0.7 |
| Fortinet | Fortiproxy | >= 1.1.0, < 7.0.9 |
| Fortinet | Fortios-6K7K | >= 6.0.4, < 6.2.13 |
| Fortinet | Fortios | >= 5.0.0, < 6.2.13 |
| Fortinet | Fortimanager | >= 6.0.0, < 6.0.12 |
| Fortinet | Fortianalyzer | >= 6.0.0, < 6.0.12 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-23-001Vendor Advisory
FAQ
What is CVE-2023-25610?
CVE-2023-25610 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and ve...
How severe is CVE-2023-25610?
CVE-2023-25610 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-25610?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiweb, Fortinet Fortiswitchmanager, Fortinet Fortiswitch, Fortinet Fortiproxy, Fortinet Fortios-6K7K.