CVE-2023-36639
published 2023-12-13CVE-2023-36639: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.0.0 – 6.0.17 | — |
| fortinet | fortios | 6.2.0 – 6.2.15 | — |
| fortinet | fortios | 6.4.0 – 6.4.12 | — |
| fortinet | fortios | 7.0.0 – 7.0.11 | — |
| fortinet | fortios | 7.2.0 – 7.2.4 | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | 1.0.0 – 1.0.3 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | 7.0.0 – 7.0.10 | — |
| fortinet | fortiproxy | 7.2.0 – 7.2.4 | — |