CVE-2023-29184 LOW

CVE-2023-29184

Vendor Fortinet
Product FortiProxy
Weakness CWE-459
Published June 10, 2025
Last update June 11, 2025

CVSS base score

3.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:X

What the vulnerability does

01Description

An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 11, 2025 Record updated