CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.

Published: May 14, 2024
Updated: May 24, 2024
CVE: CVE-2023-45583
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	7.2.0.x	7.2.6
fortinet / fortiproxy	-	7.0.12
fortinet / fortiswitchmanager	7.2.0	7.2.3
fortinet / fortiswitchmanager	7.0.0	7.0.3
fortinet / fortios	7.0.0	7.0.12.x
fortinet / fortios	7.4.0	7.4.0.x
fortinet / fortios	7.2.0	7.2.5.x
fortinet / fortios	6.4.0	6.4.15.x
fortinet / fortios	6.2.0	6.2.16.x
fortinet / fortios	-	7.2.6
fortinet / fortipam	1.1.0	1.1.0.x
fortinet / fortipam	1.0.0	1.0.3.x

https://fortiguard.com/psirt/FG-IR-23-137

Vulnerability Database

289,784

CVE-2023-45583