CVE-2023-46718: 
FortiOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2023-46718) was discovered in Fortinet FortiOS and FortiProxy systems. The vulnerability, identified on October 14, 2025, affects multiple versions of FortiOS (from 6.0.13 through 7.4.1) and FortiProxy (from 7.0.0 through 7.4.7). This security flaw allows an authenticated attacker to execute unauthorized code or commands through specially crafted CLI commands (Fortinet Advisory, NVD).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) that exists in the CLI component. It received a CVSS v3.1 base score of 7.8 (HIGH) according to NIST NVD assessment, while Fortinet assigned it a score of 6.7 (MEDIUM). The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring High privileges (PR:H) and No user interaction (UI:N). The scope is Unchanged (S:U) with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability allows an authenticated attacker to execute unauthorized code or commands on the affected systems. The high CVSS impact scores for confidentiality, integrity, and availability indicate that successful exploitation could result in significant system compromise (Fortinet Advisory).

Fortinet has released patches for affected versions and recommends the following actions: For FortiOS 7.4.0-7.4.1, upgrade to version 7.4.2 or above; For FortiOS 7.2.0-7.2.11, upgrade to version 7.2.12 or above; For FortiProxy 7.4.0-7.4.7, upgrade to version 7.4.8 or above. Users of FortiOS 7.0, 6.4, 6.2, 6.0, and FortiProxy 7.2, 7.0 versions should migrate to a fixed release. Fortinet provides an upgrade path tool at their documentation site (Fortinet Advisory).