CVE-2023-45583

CWE-134 — Uncontrolled Format String4 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 56.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortiswitchmanager +1 more

Timeline

PublishedMay 14

Description

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages8 packages

▶NVDfortinet/fortios6.2.0 — 6.2.16+5

▶NVDfortinet/fortiproxy< 7.0.12+1

▶NVDfortinet/fortiswitchmanager7.0.0 — 7.0.3+1

▶CVEListV5fortinet/fortios7.2.0 — 7.2.5+4

▶CVEListV5fortinet/fortipam1.0.0 — 1.0.3+1

🔴Vulnerability Details

CVEList

CVE-2023-45583: A use of externally-controlled format string in Fortinet FortiProxy versions 7↗2024-05-14

▶

GHSA

GHSA-q467-67pv-7pmf: A use of externally-controlled format string in Fortinet FortiProxy versions 7↗2024-05-14

▶

📋Vendor Advisories

Fortinet

Format String Bug in cli command↗2024-05-14

▶