CVE-2023-29184
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-07-24
Assigner: Fortinet, Inc.
Description
Description
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-459 | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incomplete cleanup issue in FortiOS and FortiProxy versions 7.2 and earlier. It allows a VDOM privileged attacker to silently add SSH key files to the system using specially crafted CLI requests.
How can this vulnerability impact me? :
An attacker with VDOM privileged access can add unauthorized SSH key files to the system without detection, potentially enabling unauthorized access or persistence on the affected device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70