CVE-2023-36640
6.7MEDIUMA use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1
Publicado: 5/14/2024Actualizado: 11/21/2024
Descripción
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
Análisis IAImpulsado por IA
Productos Afectados
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortipam
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
7.2.0
Referencias
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory