A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-138 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-23-138 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-138 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
15 Dec 2023, 18:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-138 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* |
|
| First Time |
Fortinet
Fortinet fortipam Fortinet fortios Fortinet fortiproxy |
13 Dec 2023, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-13 07:15
Updated : 2024-11-21 08:10
NVD link : CVE-2023-36639
Mitre link : CVE-2023-36639
CVE.ORG link : CVE-2023-36639
JSON object : View
Products Affected
fortinet
- fortipam
- fortios
- fortiproxy
CWE
CWE-134
Use of Externally-Controlled Format String