ID

VAR-202511-1341


CVE

CVE-2025-46776


TITLE

Fortinet FortiExtender buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-29158

DESCRIPTION

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, and FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. The Fortinet FortiExtender is a wireless WAN (Wide Area Network) extender device manufactured by Fortinet Systems, Inc. It contains a buffer overflow vulnerability that stems from copying input into a buffer without checking its size.

Trust: 1.44

sources: NVD: CVE-2025-46776 // CNVD: CNVD-2025-29158

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-29158

AFFECTED PRODUCTS

vendor: fortinet
model: fortiextender
scope: gte
version: 7.6.0

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: lt
version: 7.4.8

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: gte
version: 7.0.0

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: lt
version: 7.6.3

Trust: 1.0

vendor: fortinet
model: fortiextender
scope: gte
version: 7.0.0,<7.4.8

Trust: 0.6

vendor: fortinet
model: fortiextender
scope: gte
version: 7.6.0,<7.6.3

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // NVD: CVE-2025-46776

CVSS

SEVERITY

psirt@fortinet.com: CVE-2025-46776
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-46776
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-29158
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-29158
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

psirt@fortinet.com: CVE-2025-46776
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-46776
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-29158 // NVD: CVE-2025-46776 // NVD: CVE-2025-46776

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-46776

PATCH

title: Patch for Fortinet FortiExtender buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/756826

Trust: 0.6

sources: CNVD: CNVD-2025-29158

EXTERNAL IDS

db: NVD
id: CVE-2025-46776

Trust: 1.6

db: CNVD
id: CNVD-2025-29158

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // NVD: CVE-2025-46776

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-251

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-46776

Trust: 0.6

sources: CNVD: CNVD-2025-29158 // NVD: CVE-2025-46776

SOURCES

db: CNVD
id: CNVD-2025-29158

db: NVD
id: CVE-2025-46776

LAST UPDATE DATE

2025-11-23T23:49:02.520000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-29158
date: 2025-11-21T00:00:00

db: NVD
id: CVE-2025-46776
date: 2025-11-20T14:39:19.060

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-29158
date: 2025-11-21T00:00:00

db: NVD
id: CVE-2025-46776
date: 2025-11-18T17:16:02.180