Format String Vulnerability in Fortinet FortiProxy and FortiOS Products
CVE-2023-45583
7.2 HIGH
Key Information:
- Vendor: Fortinet
- CVE Published: 14 May 2024
Summary
A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.
Affected Version(s)
FortiOS 7.4.0
FortiOS 7.2.0 <= 7.2.5
FortiOS 7.0.0 <= 7.0.12
CVSS V3.1
- Score: 7.2
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved