FortiOS update for buffer overflow vulnerability - 20230809002

Overview

Fortinet has released security updates for FortiOS to address a buffer overflow vulnerability that may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands

What is the vulnerability?

CVE-2023-29182 - CVSS v3 Base Score: 6.4

What is vulnerable?

The vulnerability affects the following products:

• FortiOS version 7.0.0 through 7.0.3

• FortiOS 6.4 all versions

• FortiOS 6.2 all versions

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices.

• FortiGuard - CVE-2023-29182

Additional References

• CISA - Fortinet Releases Security Update for FortiOS

• Fuzzing Fortigate 7