CVE-2023-28002 MEDIUM

CVE-2023-28002

Vendor Fortinet
Product FortiOS
Weakness CWE-354
Published November 14, 2023
Last update June 11, 2025

CVSS base score

5.8/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

What the vulnerability does

01Description

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.

Key dates

02Disclosure timeline

November 14, 2023 CVE published
June 11, 2025 Record updated