Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2023-29184
CVE-2023-29184:
FortiOS vulnerability analysis and mitigation
Overview
An incomplete cleanup vulnerability (CVE-2023-29184) was discovered in FortiOS and FortiProxy systems. The vulnerability, identified as CWE-459, affects FortiOS versions 7.2 and earlier, and FortiProxy versions ranging from 7.2.0 through 7.2.2 and before 7.0.8. This security issue was initially published on June 10, 2025, and was reported by Bobby Metz from Lumen Technologies under responsible disclosure (Fortinet PSIRT).
Technical details
The vulnerability is classified as an incomplete cleanup issue that affects the Command Line Interface (CLI) component of the affected systems. It has been assigned a CVSS v3.1 base score of 3.2 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N. The technical nature of the vulnerability involves improper cleanup processes that could allow a VDOM privileged attacker to add SSH key files on the system silently through crafted CLI requests (NVD, Fortinet PSIRT).
Impact
The vulnerability's impact is considered low severity, primarily affecting system integrity. When successfully exploited, it allows an attacker with VDOM privileges to silently add SSH key files to the system, potentially leading to unauthorized persistence mechanisms (Fortinet PSIRT).
Mitigation and workarounds
Fortinet has released patches to address this vulnerability. For FortiOS users, the recommendation is to migrate to a fixed release if running version 7.2 or earlier. FortiProxy users running versions 7.2.0 through 7.2.2 should upgrade to version 7.2.3 or above, while those on versions 7.0.0 through 7.0.8 should upgrade to version 7.0.9 or above. Users can follow the recommended upgrade path using Fortinet's upgrade tool (Fortinet PSIRT).
Community reactions
The vulnerability has been acknowledged in the cybersecurity community as part of a larger security update from Fortinet addressing multiple vulnerabilities across their product portfolio. While this particular vulnerability is rated as low severity, it has been included in broader security discussions regarding Fortinet's ongoing commitment to addressing security issues (Cybersecurity News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management