CVE-2023-36639
HIGHFortinet FortiProxy 7.0.0-7.0.10 and 7.2.0-7.2.4 - Use of Externally-Controlled Format String via API Requests
Title source: llmDescription
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-138
Scores
CVSS v3
7.2
EPSS
0.0106
EPSS Percentile
60.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-134
Status
published
Products (5)
fortinet/fortios
7.4.0
fortinet/fortios
6.0.0 - 6.0.17
fortinet/fortipam
1.1.0
fortinet/fortipam
1.0.0 - 1.0.3
fortinet/fortiproxy
7.0.0 - 7.0.10
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026