CVE-2023-33302

CVE Database · CVE-2023-33302

CVE-2023-33302

· MEDIUMAnalyzed

CVSS v3.1

4.7

EPSS

0.29%

Published

Mar 31, 2025

Modified

Jul 23, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-120

Affected Products (5)

fortinet · fortimailvulnerable

fortinet · fortimail (up to 6.0.11)vulnerable

fortinet · fortimail (up to 6.2.7)vulnerable

fortinet · fortimail (up to 6.4.5)vulnerable

fortinet · fortindr (up to 7.2.1)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-21-023

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs