Cyber Posture

CVE-2023-33302

Severity: Medium
Published: 31 March 2025
Modified: 23 July 2025
CVSS Score: 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0036 (58.4th percentile)
Risk Priority: 10 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2023-33302 is a classic buffer overflow vulnerability (CWE-120) caused by a buffer copy performed without checking the size of the input. It affects the webmail and administrative interface in Fortinet FortiMail versions 6.4.0 through 6.4.4 and before 6.2.6, as well as the administrative interface in FortiNDR version 7.2.0 and before 7.1.0. The issue has a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L), indicating medium severity.

An authenticated attacker with regular webmail access can exploit this vulnerability over the network with low attack complexity and no user interaction required. By sending specially crafted HTTP requests, the attacker can trigger the buffer overflow, potentially leading to execution of unauthorized code or commands.

Fortinet's advisory FG-IR-21-023, available at https://fortiguard.fortinet.com/psirt/FG-IR-21-023, provides details on the vulnerability, including recommended patches and mitigation steps.

Details

CWE(s): CWE-120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow")

Affected Products

Fortinet FortiMail: 5.4.0 — 5.4.12 · 6.0.0 — 6.0.11 · 6.2.0 — 6.2.7
Fortinet FortiNDR: 1.1.0 — 7.2.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The buffer overflow in the webmail/administrative web interface allows authenticated attackers to trigger remote code execution (RCE) via crafted HTTP requests, which maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
