CVE-2024-23113
Published 2024-02-15
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2024-10-30
ITW: Exploited in the wild
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, and FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 7.0.0 – 7.0.13 | — |
| fortinet | fortios | 7.2.0 – 7.2.6 | — |
| fortinet | fortios | 7.4.0 – 7.4.2 | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | 1.0.0 – 1.0.3 | — |
| fortinet | fortipam | 1.1.0 – 1.1.2 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | 7.0.0 – 7.0.14 | — |
| fortinet | fortiproxy | 7.2.0 – 7.2.8 | — |
| fortinet | fortiproxy | 7.4.0 – 7.4.2 | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | 7.0.0 – 7.0.3 | — |
| fortinet | fortiswitchmanager | 7.2.0 – 7.2.3 | — |
CVSS provenance
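| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |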