CVE-2024-23113

CRITICAL KEV

Fortinet FortiProxy < 7.0.14 - Format String Vulnerability

Title source: rule

Description

A use of externally-controlled format string vulnerability in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13; FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14; FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3; and FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Exploits (8)

nomisec SCANNER 10 stars
by p33d · infoleak
https://github.com/p33d/CVE-2024-23113
github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2024/CVE-2024-23113
nomisec SCANNER 1 stars
by MAVRICK-1 · poc
https://github.com/MAVRICK-1/cve-2024-23113-test-env
nomisec SCANNER 1 stars
by valornode · dos
https://github.com/valornode/CVE-2024-23113
nomisec SCANNER 1 stars
by puckiestyle · infoleak
https://github.com/puckiestyle/CVE-2024-23113
nomisec STUB 1 stars
by CheckCve2 · poc
https://github.com/CheckCve2/CVE-2024-23113
nomisec SCANNER
by ownouwa · poc
https://github.com/ownouwa/cve-2024-23113-poc

Scores

CVSS v3 9.8
EPSS 0.5803
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-10-09
VulnCheck KEV 2024-10-09
InTheWild.io 2024-10-09
ENISA EUVD EUVD-2024-20638
CWE CWE-134
Status published
Products (5)
fortinet/fortios 7.0.0 - 7.0.13
fortinet/fortipam 1.2.0
fortinet/fortipam 1.0.0 - 1.0.3
fortinet/fortiproxy 7.0.0 - 7.0.14
fortinet/fortiswitchmanager 7.0.0 - 7.0.3
Published Feb 15, 2024
KEV Added Oct 09, 2024
Tracked Since Feb 18, 2026