CVE-2023-36640

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands

Published: May 14, 2024
Updated: May 24, 2024
CVE: CVE-2023-36640
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	1.0.0	1.0.7.x
fortinet / fortiproxy	1.1.0	1.1.6.x
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortiproxy	7.0.0	7.0.10.x
fortinet / fortiproxy	7.2.0	7.2.4.x
fortinet / fortiproxy	2.0.0	2.0.14.x
fortinet / fortipam	-	1.0.3.x
fortinet / fortios	7.2.0	7.2.0.x
fortinet / fortios	6.0.0	6.0.16.x
fortinet / fortios	7.0.0	7.0.12.x
fortinet / fortios	6.4.0	6.4.14.x
fortinet / fortios	6.2.0	6.2.16.x

https://fortiguard.com/psirt/FG-IR-23-137

Vulnerability Database

289,784

CVE-2023-36640