CVE-2023-36640
6.7MEDIUMA use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1
Published: 5/14/2024Updated: 11/21/2024
Description
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
AI AnalysisPowered by AI
Affected Products
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortipam
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
7.2.0
References
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory