CVE-2023-36640
6.7MEDIUMA use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1
Опубликовано: 5/14/2024Обновлено: 11/21/2024
Описание
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiproxy
fortinetfortipam
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
7.2.0
Ссылки
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-137Vendor Advisory