CVE-2023-29182: 
FortiOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability [CWE-121] was discovered in Fortinet FortiOS affecting versions 6.2 (all versions), 6.4.0 through 6.4.14, and 7.0.0 through 7.0.3. The vulnerability was assigned CVE-2023-29182 and was publicly disclosed on August 17, 2023. It received a CVSS v3.1 base score of 6.7 (Medium severity) (NVD, Fortiguard).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) that could allow a privileged attacker to execute arbitrary code through specially crafted CLI commands. The exploitation is contingent on the attacker's ability to evade FortiOS stack protections. The vulnerability has been assigned two different CVSS vectors: NIST assessed it as CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (6.7), while Fortinet rated it as CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (6.4) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute unauthorized code or commands on the affected system, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Fortiguard).

Fortinet has released security updates to address this vulnerability. Users are advised to upgrade to one of the following versions: FortiOS version 7.4.0 or above, FortiOS version 7.2.0 or above, FortiOS version 7.0.4 or above, or FortiOS version 6.4.15 or above (Fortiguard).