CVE-2023-29181
HIGHFortiOS 6.0.0-6.2.14, FortiProxy 1.0.0-2.0.12, FortiPAM 1.0.0-1.0.3 - Use of Externally-Controlled Format String
Title source: llmDescription
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-119
Scores
CVSS v3
8.8
EPSS
0.0072
EPSS Percentile
49.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-134
Status
published
Products (3)
fortinet/fortios
6.0.0 - 6.2.15
fortinet/fortipam
1.0.0 - 1.1.0
fortinet/fortiproxy
1.0.0 - 2.0.13
Published
Feb 22, 2024
Tracked Since
Feb 18, 2026